Russian Hackers Infected 1 Million Phones With Banking Trojan
… The cybercrime
gang targeted by Russian authorities used spam SMS messages to deliver the
Trojan to individuals in Russia. The
messages informed recipients that their ads or photos had been posted on a
website, and included links to a site that tricked users into downloading and
installing the malware. The threat had
been disguised as various apps, including Avito, Pornhub, Framaroot and
Navitel.
Once it infected a device, the Trojan allowed the
cybercrooks to steal and hide SMS messages coming from banks, and send SMSs to
specified numbers. Since many Russian banks allow their customers to conduct
transactions via SMS, these features allowed the fraudsters to
transfer money from the victims’ accounts into their own.
According to Group-IB, the gang opened more than 6,000
bank accounts to which they transferred the stolen funds. Investigators said the Cron malware was used
to steal an average of $100 (8,000 rubles) from 50-60 bank customers each day.
The cybercriminals managed to infect more than one million
smartphones and stole nearly $900,000 (50 million rubles).
Not a large breach, but one that points to people/places
where one could steal a gun.
Andrew Ruiz reports:
The Florida Department of
Agriculture and Consumer Services is warning customers that
hackers may have obtained the names of more than 16,000 people who have Florida
concealed weapon permits.
The data breach that appears to have originated from overseas
affects people who entered information through the department’s online payment
system.
Read more on WPTV.
While the story leads with the number of
names, it’s important to note that 469
Social Security numbers were also acquired by the hackers.
For the Ethical Hacking toolkit.
'Ultrasecure' Samsung Galaxy S8 iris scanner can be easily
tricked, say hackers
… A CCC video
shows how simple the trick is. In it,
someone uses the night mode on a regular Sony digital camera to surreptitiously
take an infrared shot of the phone user's eyes, from a moderate distance.
The image is cropped and printed out on, cheekily, a
Samsung printer at life size. A contact
lens is placed on the printed iris, to give it the appropriate curvature, and
the Galaxy S8 accepts this as authentication for unlocking the phone.
For my Forensics students.
Al Saikali of Shook Hardy & Bacon LLP writes about a
key issue that has come up a number of times in discussing incident response
and liability:
One of the most significant
questions in data security law is whether reports created by forensic firms
investigating data breaches at the direction of counsel are protected from
discovery in civil class action lawsuits. They are, at least according to an order
issued last week in In re Experian Data Breach
Litigation. 15-01592 (C.D. Cal. May 18, 2017). This post analyzes the decision, identifies
important practical takeaways for counsel, and places it in context with the
two other cases that have addressed this issue.
Read more on Data
Security Law Journal.
Potential jobs for my Computer Security students.
Ira Parghi of Ropes & Gray writes:
Since January 2016, the OCR has
entered into resolution agreements with, and imposed Corrective Action Plans
(CAPs) on, providers and others in at least 12 matters involving the Security
Rule. It has also imposed a Civil
Monetary Penalty on one entity. Most of these cases involve stolen, unencrypted laptop
computers (at least six cases), mobile devices such as iPads or
iPhones, office computers, or portable storage devices.
[…]
Notably, while the underlying
facts of these cases vary somewhat, their CAPs do not. All 12 of the CAPs hone in on the obligation
under the Security Rule to perform
an annual Risk Analysis and Risk Management Plan.
Read more on MedCityNews.
For my students.
… We now know that
the ransomware spread due to an exploit in the Windows Server Messaging Block
(SMB) protocol version 1. This is an
outdated version of SMB, used to share files and printers among networked
computers, that Windows still supports for backwards compatibility. Microsoft patched this issue in March, but
affected computers were still vulnerable to attack if they were running
the archaic Windows XP or hadn’t applied updates in Windows 7 for months.
On your own system, you can disable SMB 1.0 in just a
moment — and because 99 percent of home users don’t need the old and insecure
version of this protocol, you can shut it off without any loss of
functionality.
Type Turn Windows features into the Start
Menu and click the entry for Turn Windows features on or off. Scroll down to SMB 1.0/CIFS File
Sharing Support and uncheck the box.
Give Windows a moment to apply the changes, then you’ll have to restart
your computer to complete the action.
Once that’s done, you’ve disabled the awful, insecure protocol from
running on your computer.
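The same change can be made and verified from an elevated PowerShell prompt. This is an added example, not part of the quoted article; it assumes Windows 8.1 / Windows 10 or later, where the `SMB1Protocol` optional feature and the SMB server configuration cmdlets are available.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and disable SMB 1.0, the scripted equivalent of
# unchecking "SMB 1.0/CIFS File Sharing Support" in Windows Features.
# Assumption: Windows 8.1 / Windows 10 or later.

$featureName = 'SMB1Protocol'   # optional-feature name for SMB 1.0/CIFS support

# 1. Report the current state of the optional feature
#    (Enabled, Disabled, DisablePending, ...).
$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
Write-Host "Feature $featureName state before change: $($feature.State)"

# 2. Report whether the SMB server still accepts SMB1 sessions.
$server = Get-SmbServerConfiguration
Write-Host "SMB server EnableSMB1Protocol before change: $($server.EnableSMB1Protocol)"

# 3. Stop the server from negotiating SMB1. This takes effect immediately.
if ($server.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 4. Remove the optional feature (client and server). -NoRestart lets the
#    operator choose when to reboot; the change completes on restart.
if ($feature.State -eq 'Enabled') {
    $result = Disable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart
    if ($result.RestartNeeded) {
        Write-Host 'Restart required to finish removing SMB 1.0.'
    }
}

# 5. Re-read both settings so the outcome is verified, not assumed.
$featureAfter = Get-WindowsOptionalFeature -Online -FeatureName $featureName
$serverAfter  = Get-SmbServerConfiguration
Write-Host "Feature $featureName state after change: $($featureAfter.State)"
Write-Host "SMB server EnableSMB1Protocol after change: $($serverAfter.EnableSMB1Protocol)"
```

After the restart, the feature state should read `Disabled` and `EnableSMB1Protocol` should read `False`.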
Hey! Whatever
works! Nothing new there.
How the Waymo-Uber Lawsuit Could Rewrite Intellectual
Property Rules
… According to
Wagner, trade secret law has traditionally not been seen as “a particularly reliable
or useful way to protect technology,” partly because it is difficult to keep
such technology secret when it is implemented and products based on it are
sold. But that conventional wisdom is up
for a reexamination. “If Google is
successful at putting a dent in Uber’s ability to compete in this field as a
result of this case, then people will take notice of that and you will probably
see more people using trade secrets” as part of their intellectual property
strategies, said Wagner. “On the other
hand, if Google is not successful, or even if they win this case and they don’t
slow Uber down very much, then people are going to go back to what we
traditionally think of in IP, which is unless you have a patent covering the
technology, you don’t have a lot of protection.”
Perspective. Does
this suggest that everyone is upgrading or are there still people like me who
don’t yet own a smartphone?
Gartner: Worldwide Smartphone Sales Grew 9% YoY In Q1 2017
Gartner has just released its smartphone sales report for
the first quarter of this year, and according to the provided info, worldwide
smartphone sales grew by 9 percent this time around. Companies sold a total of 380 million
smartphones in Q1 2017, which is a 9.1 percent increase compared to the same
quarter last year. Gartner also says
that consumers are spending more to get a better phone now, which actually
caused a rise in average selling price for smartphones.
Might be useful in my Statistics class.
Dataset aggregates info on food spending habits using 3
million grocery orders
by Sabrina I. Pacifici on May 22, 2017
Center for Data Innovation – “Online grocery service
Instacart has published a dataset containing information on 3 million grocery
orders from more than 200,000 de-identified users from 2017. The dataset contains information on what
products users purchased, the sequence they bought them in, when they placed
the order, and the amount of time between Instacart orders. Instacart is releasing this dataset in the
hopes that others will use it to develop algorithms that can predict what items
shoppers will buy again or may be interested in.”
What are you listening to? NOT FREE.
… You need some
websites and apps that take you out of your comfort zone. With that in mind, here are eight essential
websites for broadening your musical knowledge.