‘Guccifer 2.0’ Claims Responsibility for DNC Hack, Releases Docs to Prove it. From Motherboard. A “lone hacker” calling themselves “Guccifer 2.0” has claimed responsibility for hacking the Democratic National Committee and claims reports that the Russian government perpetrated the attack are false. The hacker also says the DNC lied about—or didn’t know the extent of—what was stolen.
ISIS hacker pleads guilty to giving terrorists US military kill list. From ArsTechnica. A hacker the US authorities have labeled as the leader of an overseas Internet hacking group—the Kosova Hacker’s Security—pleaded guilty Wednesday in federal court to charges of providing material support to the US enemy. It was the first known prosecution of a hacker joining forces with a terror group in a bid to carry out terrorism, the government said.
J.P. Morgan’s CIO on the Bank’s Security Game Plan. From WSJ. Facing fierce competition from upstarts in the financial technology, or “fintech,” space, along with constant cybersecurity threats, J.P. Morgan is betting that tech will be an industry game-changer. That’s where Dana Deasy, the bank’s chief information officer, comes in. Mr. Deasy oversees a $9.4 billion technology budget at J.P. Morgan, including about $3 billion in new investments, that is growing—a rarity in size and allocation among large banks. He leads 44,000 technology employees, including more than 18,000 developers.
- I Was Hacked by ISIS. From Boston Review. I was a victim of treachery: one of about 3,000 New Yorkers whose names and “personal information” (the cops didn’t know what) had been hacked from some database (they didn’t know which) and posted to some website (also, no further details). The hackers belonged to the United Cyber Caliphate, which, the police told me, “has some connection with ISIS.”
Hackers want you to continue ignoring this critical home cybersecurity flaw. From American Enterprise Institute. Routers are thus fast becoming rich targets for hackers. In 2012, Kaspersky Labs discovered that cybercriminals had hacked into more than 4.5 million home DSL routers in Brazil by exploiting a chip vulnerability, manipulating router DNS settings to disguise fake infected websites as legitimate ones. Unsuspecting users were thus tricked into downloading malware that stole their passwords and banking information, earning one hacker more than $50,000.
US Republican party shuns electronic ballots at open convention. From Politico. The 2016 Republican presidential campaign has been the definition of an instantaneous digital race, complete with micro-targeted Facebook ads, Twitter tirades and ephemeral Snapchat videos. But the biggest moment of the entire GOP contest, at the party’s national convention in Cleveland, is shaping up to be a decidedly low-tech affair.
- ISIS hacking division release names and personal details of dozens of American soldiers urging lone wolf attacks. From Daily Mail. ISIS hackers have released the names and personal details of dozens of American military personnel urging supporters to assassinate them. The ‘hit list’ which was published on social media, claimed to include the details of American servicemen who had operated drones responsible for the coalition airstrikes.
- Iranian Hacker Arrested for Stealing American Airlines Air Miles Worth $260,000. From Softpedia. Miami police revealed details about a criminal case from 2015 during which officers arrested an Iranian national studying in the US for stealing reward air miles from American Airlines customers worth $260,000. The suspect’s name is Milad Avadzavani, a former Florida International University student, who was arrested last year and is preparing to face trial this summer.
Cybersecurity Professionals Are Using Misdirection To Combat Hacking. From Motherboard. Today, there are many honeypot security programs available with which cybersecurity teams can deploy to draw hackers’ attention wherever they wish it to go. As programming has progressed, honeypots and honeynets have become increasingly etherealized; several virtual machines may all be hosted on a single physical box. But the honeypot approach has its drawbacks. Scalability is the biggest concern–virtual or not, someone has to keep an eye on these systems and corral hackers, and IT teams typically have their hands full managing the regular networks.
- What is a firewall? From Palo Alto Networks. A firewall is a network security device that grants or rejects network access to traffic flows between an untrusted zone (e.g., the Internet) and a trusted zone (e.g., a private or corporate network). The firewall acts as the demarcation point or “traffic cop” in the network, as all communication should flow through it and it is where traffic is granted or rejected access. Firewalls enforce access controls through a positive control model, which states that only traffic defined in the firewall policy is allowed onto the network; all other traffic is denied (known as “default deny”).
1. U.S. Cyberattacks Target ISIS in a New Line of Combat. From NYTimes. The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons.
2. Cybersecurity Threats Are Real: You And Your Organization Could Be In Danger. From Forbes. When board members were asked about the amount of knowledge they had on cybersecurity, less than 20% had a high level, 65% had some and 15% had little knowledge. During the webinar, over 50% were dissatisfied with the quality of information provided to the board by management pertaining to cybersecurity and IT risk.
3. The future of the NIST Cybersecurity Framework. From IApp.Org. On April 5-7, the National Institute of Science and Technology hosted a Workshop on its “Framework for Improving Critical Infrastructure Cybersecurity.” The workshop was extremely well-attended, with more than 900 registrants and hundreds more attending by webcast. It was preceded by a NIST request for information, which prompted 105 responses, many from industry associations representing hundreds of companies.
4. Aligning Cybersecurity with Corporate Culture. From Wall Street Journal. Creating a “cybersecurity culture” means instilling in employees an acute sensitivity to cyber risks and arming them with knowledge and tools to mitigate these threats. Tightly linking cybersecurity to the day-to-day work environment could vastly improve organizations’ security posture.
5. Singtel launches first-of-its-kind cyber security institute in Asia Pacific. From Straits Times. Telco Singtel on Tuesday (April 26) launched its Cyber Security Institute (CSI), a hybrid between an advanced cyber range and an educational institute. It is the first-of-its-kind in the region to test and train companies in dealing with sophisticated cyber threats. Housed in a permanent space of over 10,000 sq ft in the eastern part of Singapore, the institute provides cyber skills development and education programmes tailored to the varying needs of company boards, C-suite management, technology and operational staff.
- Hackers Have Launched a War Against the KKK. From EpochTimes. Over the course of the last couple months, websites belonging to the KKK flicked off and on, members of the hate group have had their identities posted online, and their recruiting efforts have been attacked. This has been the work of several hacker collectives, including Anonymous and BinarySec, under a loosely-coordinated operation they’re calling #OpKKK.
- The Latest Data Breach Involves The Voting Records Of 93.4 Million Mexican Citizens. From Yahoo News. Yet another data breach has grabbed international headlines, and this one involves the voting registration records of some 93.4 million Mexican citizens. On April 14, Chris Vickery of MacKeeper discovered that he was able to access a tome of information, including names, birth dates, home addresses, ID numbers, and more, all on an unprotected Amazon cloud server.
This one chart explains why cybersecurity is so necessary. From TrueViralNews (Infographic From BI Intelligence)
Church website hacked by alleged terrorist group. From Fox17 West Michigan. A church in West Michigan is trying to figure out why their website was a target for hackers over the weekend. An alleged terrorist group is taking credit for hacking Lamont Christian Reformed Church’s website. It was 15-year old Elizabeth Storteboom who discovered the website was hacked. Friday night instead of the churches website she read “You have been hacked by the United Cyber Caliphate”, a group that claims to be a cyber army for the Islamic State.
- Vancouver student expelled for hacking high school email system. From Fox19 Cincinnati. A Vancouver Public School District spokesperson said Skyview High School email system was hacked early Tuesday morning by a student. Communications Director Patricia Nuzzo said the student was “emergency expelled” until appropriate disciplinary action can be determined.
- Detailed account of the Hacking Team data breach by FinFisher. From Softpedia. Hacking Team is a Milan-based IT company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who leaked links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code. This article explains how that breach was conducted.
- Dump Adobe QuickTime, Department Of Homeland Security tells Windows users. From Krebs On Security. Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Furthermore, there are two new, unpatched vulnerabilities which could be used to remotely compromise Windows computers.
- More US commandos, choppers and bases are hacking ISIS. From Daily Beast. Three U.S. officials told The Daily Beast that US cyber operations against ISIS have moved beyond mere disruption and are entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters.
- The National Institute of Standards and Technology is poised to deliver new cybersecurity guidance, according to NIST fellow Ronald Ross. From HealthcareITNews. “We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter,” Ross said.
- Indian political party accused of hacking Facebook. From Economic Times. An internal email communique allegedly from the AIADMK IT Wing president to his team informing that they have hacked Facebook for making posts about their party “go viral” has leaked and the mail itself has gone viral.