- Opera announces data breach: stored passwords stolen for 1.7M users. From Naked Security. Opera was once a proudly Norwegian browser that was different from the rest in more than just look and feel. Most other browsers used one of three main core components: Microsoft’s, Mozilla’s or WebKit’s. (WebKit originated from Apple but has now diverged into separate development streams used in browsers like Apple’s Safari, and browsers like Google’s Chrome.) But Opera had its own rendering engine, the complex heart of any browser that’s responsible for converting HTML source into a visible, clickable, usable web page. Opera’s independence made it what you might slightly unkindly think of as the Fifth of the Big Four browser families after Microsoft Internet Explorer (and now Edge), Mozilla Firefox, Google Chrome (and its free cousin Chromium) and Apple Safari.
- US Suspects Russia Behind Computer Hacking in 2 State Election Databases. From Voice Of America.
U.S. officials suspect Russian hackers were responsible for breaking into two state election databases earlier this month.
“This is the closest we’ve come to tying a recent hack to the Russian government,” one official told NBC News on Monday.
The FBI has not identified the two U.S. states whose databases were attacked, but Yahoo News, which first reported the breaches, quoted sources who say Arizona and Illinois were targeted.
According to Yahoo News, an Illinois election board official said the voter registration system was shut down for 10 days last month after hackers stole personal information on approximately 200,000 voters.
- Cyber security should be expanded to other departments other than IT: CII-KPMG report. From BGR.in. Cyber threats today are no longer restricted to a company’s communications and IT domains, calling for more than just technical controls to avert attacks and protect the business from future risks and breaches, a new report said. According to the joint report of the Confederation of Indian Industry (CII) and KPMG, cyber security today embraces multiple units of an organization like human resource, supply chain, administration and infrastructure. It, therefore, requires governance at the highest levels. “It is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust,” said Richard Rekhy, Chief Executive Officer, KPMG, India.
- Fantom Ransomware Mimics Windows Update Screen. From Softpedia.
Ransomware often tries to disguise its malicious behavior using various tricks. The latest method observed is that employed by a new variant called Fantom, which shows a fake Windows Update screen while, in reality, it’s encrypting the user’s files.
The ransomware, spotted for the first time only a few days ago by AVG security researcher Jakub Kroustek, is coded on top of EDA2, a ransomware building kit that was open-sourced last year but eventually taken down.
EDA2 contained flaws that allowed researchers to obtain the decryption keys from the ransomware’s C&C server. According to an analysis from Bleeping Computer, those flaws aren’t there anymore, meaning one of the Fantom coders must have found and fixed them.
- The Big Short: Alleged Security Flaws Fuel Bet Against St. Jude Medical. From Security Ledger. Call it The Big Short – or maybe just the medical device industry’s “Shot Heard Round The World”: a report from Muddy Waters Research recommends that its readers bet against (or “short”) St. Jude Medical after learning of serious security vulnerabilities in a range of the company’s implantable cardiac devices.
The Muddy Waters report on St. Jude’s set off a steep sell-off in St. Jude Medical’s stock, which finished the day down 5%, helping to push down medical stocks overall. The report cites the “strong possibility that close to half of STJ’s revenue is about to disappear for approximately two years” as a result of “product safety” issues stemming from remotely exploitable vulnerabilities in STJ’s pacemakers, implantable cardioverter defibrillator (ICD), and cardiac resynchronization therapy (CRT) devices. The vulnerabilities are linked to St. Jude’s Merlin@home remote patient management platform, said Muddy Waters.
- Government Hackers Caught Using Unprecedented iPhone Spy Tool. From Motherboard. Since its founding in 2010, [Israeli vendor] NSO has developed a reputation for providing sophisticated malware to governments that need to target cellphones in their investigations, although the use of its tools has never been documented before. The company claims that its products are completely stealthy, like a “ghost.” The company has been so guarded about its wares that it’s never had a website, and has rarely given interviews or any comments to the press. But some information has leaked out, including an investment for $120 million by a US-based venture capital firm in 2014 and a subsequent reported valuation of $1 billion.
- FBI investigating Russian hack of New York Times reporters, others. From CNN. Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at The New York Times and other US news organizations, according to US officials briefed on the matter. The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said.
- Epic’s forums hacked again, with thousands of logins stolen. From ZDNet. A hacker has stolen hundreds of thousands of forum accounts associated with Unreal Engine and its maker, Epic Games. More than 808,000 accounts were stolen in the attack — with more than half a million from Unreal Engine’s forums alone. Breach notification site LeakedSource.com, which obtained a copy of the database, said the attack was carried out August 11. The hacker, whose name isn’t known, exploited a known SQL injection vulnerability found in an older vBulletin forum software, which allowed the hacker to get access to the full database.
- Cybersecurity student researches how to keep cars safe from hacking. From Phys.org. In 2015, two researchers remotely hacked a Jeep Cherokee being driven by a reporter who documented how the researchers controlled everything from the car’s radio and media console to its brakes and steering.