Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.
Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Ransomware has become such a big income earner for cybercriminals that every bad guy wants a piece of the pie. The result? More tech-savvy criminals are offering their services to newbies and cybercriminal wanna-bes in the form of do-it-yourself (DIY) kits—ransomware as a service (RaaS). About two weeks ago, a new breed of ransomware dubbed “Stampado” surfaced.
There have been some recent attacks in Germany that have people worried about their security. In the recent Munich shooting, the attacker obtained his gun (a Glock 17 pistol) from an underground market. It shouldn’t be a surprise that the attacker was able to buy a weapon online. Deep Web sites are not particularly difficult to find or access if the user is sufficiently determined to do so.
In the first quarter of 2016, Singaporeans were targeted by phone calls that pretended to be from various courier services. These automated phone calls would say that the victim had received a package, and asked them to provide sensitive personal information such as their name, address, National Registration Identity Card (NRIC) number, passport number, and bank account details.
A hacker is selling stolen credentials that purportedly give access to servers of the US Navy, Centers for Disease Control, US Postal Service, and other US government sites. Listings for the accounts were found recently on a dark web marketplace called The Real Deal, a popular site many cyber criminals use for buying and selling everything from illegal drugs to zero-day software exploits.
The Democratic National Committee was warned last fall that its computer network was susceptible to attacks but didn’t follow the security advice it was given, according to three people familiar with the matter. The missed opportunity is another blow to party officials already embarrassed by the theft and public disclosure of e-mails that have disrupted their presidential nominating convention in Philadelphia.
The 2016 Republican Party platform contains a proposal that’s making many people in the tech sector and elsewhere uneasy, if not downright nervous. It is suggesting the United States should retaliate against cyberattacks from China, Russia and other hostile actors. “Our response should be to cause diplomatic, financial, and legal pain,” the section reads in part.
US President Barack Obama issued a policy directive on Tuesday detailing how the federal government should respond to cybersecurity incidents. The directive, also known as PPD-41, pushed for shared responsibility and unity regarding attacks and added some clarity for the channels through which private sector organizations report incidents to government agencies.
There are plenty of scary possibilities, which range from targeting one person to targeting hundreds of people at the same instant; hacking cars while they are driving down the highway; remotely assassinating a person by hacking their medical device; hacking a plane full of passengers; remotely taking control of weapon systems such as Patriot missile batteries; and more.
The White House has a new framework to handle cyberattacks. President Obama approved a new policy this week that outlines when and how government agencies will handle hacking incidents. The Presidential Policy Directive on United States Cyber Incident Coordination is a scale for cybersecurity threats that assigns specific colors and response levels to the danger of a hack.
Data breaches are both costly and damaging to a company’s reputation. But there aren’t enough people to fill open cybersecurity positions. We are reaching a new critical shortage in the workforce. In addition to the health care sector’s impending lack of qualified nurses (and enough teachers to educate new ones) industry experts are sounding a similar alarm for cybersecurity experts.
Twitter has awarded an Indian white-hat hacker $10,080 (Rs 6,80,000) for discovering a security flaw in Vine, its short-form video platform. The hacker, Avinash Singh, was able to use the exploit to access the service’s source code. Singh reported the issue to Twitter in March. Soon after, the company fixed the flaw and gave him a reward of $10,080 through the bug bounty startup HackerOne.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.