Thursday, January 31, 2019

I’m surprised it took them almost two years to do this.
Bangladesh to Sue Philippine Bank Over $81M Cyber Heist
Unidentified hackers stole $81 million from the Bangladesh central bank's account with the US Federal Reserve in New York in February 2016.
The money was then transferred to a Manila branch of the Rizal Commercial Banking Corp (RCBC), swiftly withdrawn and laundered through local casinos.
A case will be filed against RCBC and "all others" involved in the heist to try and retrieve the stolen funds, Bangladesh central bank governor Fazle Kabir told AFP.
The Philippines in 2016 imposed a record $21 million fine on RCBC after investigating its role in the audacious cyber heist.
The bank has rejected the allegations and in 2017 accused Bangladesh's central bank of a "massive cover-up".
This month ex-RCBC manager Maia Deguito was handed a lengthy jail term and $109 million in fines in the first conviction over the massive theft.
The theft exposed the Philippines as a haven for dirty money, where some of the world's strictest bank secrecy laws protect account holders from scrutiny.
The hackers bombarded the US Federal Reserve with dozens of transfer requests, attempting to steal a further $850 million.
But the bank's security systems and typing errors in some requests prevented the full theft.




Something my Computer Security students need to consider.
Businesses Are Finding Out That Cyber Insurance Coverage Might Not Be What They Thought
… Evidence is building that many of these cyber insurance policies might be close to worthless, as insurance companies look for any excuse possible to avoid paying out the full amount of a claim.
One of the most extensive studies on the state of cyber insurance coverage comes from Mactavish, the UK’s leading expert on insurance governance. The company recently launched its own Cyber Risk Consulting Practice, and sought to determine the current parameters of the cyber insurance market. What they found was disappointing, to say the least. Overall, there were at least eight major flaws in how cyber insurance coverage is determined and eventually paid out. What insurance covers can be very confusing.
The leading flaw, according to Mactavish, is that most insurance claims are limited to attacks and unauthorized activity, and do not include coverage from accidental errors and omissions. Thus, when deciding whether or not to pay out a claim, an insurance company could simply point to a factor like human error and refuse to pay out the claim for a hacked computer system.




...and we’re probably not done yet!
Hackers Are Passing Around a Megaleak of 2.2 Billion Records
… Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch.




Wait until the GDPR hits these companies.
Cheap Internet of Things gadgets betray you even after you toss them in the trash
… Although these so-called Internet of Things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. You may not need to do much, but you still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.
In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.
All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.
The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture or bought it secondhand.




I don’t see this as illegal or immoral. We should probably start an organization to do this that is not aligned with any government. Recruit my Ethical Hacking students.
Special Report: Inside the UAE’s secret hacking team of U.S. mercenaries




No one thought this was illegal? Selling the lie is illegal, buying the lie is not?
First on CNN: NY Attorney General targets fake social media activity
A company that brought in millions of dollars in revenue by creating fake social media posts and comments has settled a case with the state of New York after a probe exposed its activities. It's the first finding by a law enforcement agency indicating that such activity constitutes illegal deception and illegal impersonation, according to the state's top attorney.
The New York Attorney General's office is making it clear that, in its view, selling fake social media activity in the state is illegal.
… The settlement between Devumi and the state of New York does not address whether the activity of Devumi's customers is also illegal.




Perspective. Lots of data and some graphics to make it understandable.
Digital trends 2019: Every single stat you need to know about the internet
We Are Social and Hootsuite’s latest collection of Global Digital reports reveals that internet users are growing by an average of more than one million new users every day, with all of the original ‘Next Billion Users’ now online.




A simple intro with pointers to other resources.
An intro to artificial intelligence for the average human (you)
[Also see: SAS Software's complete guide to artificial intelligence]




Could be a useful tool.
CleverPDF Offers 20 Ways to Work With PDFs in Other Formats
CleverPDF is a free service that anyone can use to convert a PDF into a Word document, a Pages file, or an ePub file. That's just the tip of the iceberg of what's on offer from CleverPDF. The service can be used to create PowerPoint slides, Keynote slides, images, Numbers, and Excel files.
In addition to turning existing PDFs into other formats, CleverPDF can be used to convert other files into PDFs. For example, you can use CleverPDF to create PDFs from Word, PPTX, Excel, and images.
And if you already have a PDF, but need to modify it, CleverPDF has tools for that too. CleverPDF will let you combine PDFs, split PDFs, apply watermarks to your PDFs, and encrypt your PDFs.
I used CleverPDF to convert one of my PDFs into a Word document today. It was quick and easy. I didn't have to register on the site or enter my email address in order to convert my PDF and then download the Word document.




...and you don’t even need leather pants!
Harley-Davidson reveals 2 new electric concepts that would not require a motorcycle license
… According to a news release from H-D, “these concepts explore the potential of urban mobility and two-wheeled adoption.” Also noted, the “goal for the concepts is to not require a motorcycle license to operate and feature twist and go operation; lowering the learning curve and expanding the opportunity to riders and aspiring riders everywhere in the process.”

