Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Read on for the latest on trojanized malware, smart phone hacks, and cybersecurity legislation.
Electronic Frontier Foundation identified a hacking group dubbed as Dark Caracal as the perpetrators behind cyberattacks that affected thousands of victims from over 20 countries.
Since they emerged back in 2007, these threat actors have managed to pull off some of the most notable and devastating targeted attacks—such as the widely-reported 2014 Sony hack—in recent history.
A Reuters review of hundreds of U.S. federal procurement documents and Russian regulatory records shows that the potential risks to the U.S. government from Russian source code reviews are more widespread.
Security researcher Karan Saini discovered a bug that allows an attacker to bypass the Uber app’s two-factor authentication feature.
The smartphone maker confirmed through its online forum that upwards of 40,000 customers may have had their numbers exposed to hackers.
Phishing attacks used to be relatively simple to fend off. Cybercriminals used to send off their email messages without bothering to clean up telltale spelling and grammar mistakes or even making the sender’s address or name look believable.
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency. In technology, as in life, the only constant is change. As systems undergo innovation, so do the ways people attack them, adapting their methodologies in tandem with their motives to stay ahead of the curve and maximize returns.
Over one million people tune in to play the quiz app daily, but no one has successfully hacked HQ in order to gain a significant advantage.
A Bell spokesperson confirmed that hackers have accessed account numbers, telephone numbers, email addresses and usernames, and have been taken from customers across the country.
Sharing information about cyberthreats that face both private corporations and the government can benefit both institutions, according to attorney and former CIA case officer Jack Rice.
As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive and the like. They’re no doubt concerned about keeping their information private—and millions more users might store data online if they were more certain of its security.
Security experts say more hands-on demonstrations are needed to get the nuclear plant to think more creatively about growing cyber threats.
A senior police officer says IoT manufacturers must be held to account when their products open doors to new ways of committing crimes.
Colorado legislators proposed legislation that, if enacted, would change the requirements for how Colorado entities protect, transfer, secure and dispose of documents containing personal information.
Now entering its second decade, the Pwn2Own™ competition will be returning to Vancouver, BC, and the CanSecWest conference on March 14-16 of this year. From its humble beginnings to the 10th anniversary last year, the Pwn2Own contest has grown from a simple exhibition to one of the world’s most exclusive competitions for demonstrating practical attacks on the most up-to-date software and protections. This year’s event offers up to $2,000,000 USD in cash and prizes to security researchers who can successfully demonstrate their attacks in the various categories.
Did any of these stories surprise you? Let me know your thoughts below, or follow me on Twitter: @JonLClay.