Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets
The Persirai backdoor is designed to target more than 1,000 IP camera models, and researchers said there had been roughly 120,000 devices vulnerable to this malware at the time of its discovery several weeks ago.
The malware, which uses a recently disclosed zero-day vulnerability to spread from one hacked IP camera to another, allows its operators to execute arbitrary code on the targeted device and launch distributed denial-of-service (DDoS) attacks.
Trend Micro has determined that of a total of 4,400 IP cameras it tracks in the United States, just over half have been infected with malware. The percentage of infected cameras spotted by the security firm in Japan is nearly 65 percent.
They took the safe and no one noticed?
PULLMAN, Wash., June 9, 2017 — Today, Washington State University (WSU) announced that it is addressing a security incident involving certain community members’ personal information. Though there is no evidence the personal information has been accessed or misused, WSU is notifying impacted individuals and offering free identity protection services to those individuals whose personal information may have been accessed.
On April 21, 2017, WSU learned that a locked safe containing a hard drive had been stolen. The hard drive was used to store backed-up files from a server used by the university’s Social & Economic Sciences Research Center (SESRC). Immediately upon learning of the theft, WSU initiated an internal review and notified local law enforcement. On April 26, WSU confirmed that the stolen hard drive contained personal information from some survey participants and, as a result, the university retained a leading computer forensics firm to assist in the investigation.
The drive contained documents that included personal information from survey participants, such as names, Social Security numbers and, in some cases, personal health information.
… The university is taking steps to help prevent this type of incident from happening again. These steps include strengthening WSU’s information technology operations by completing a comprehensive assessment of IT practices and policies, improving training and awareness for university employees regarding best practices for handling data, and employing best practices for the delivery of IT services.
SOURCE Washington State University
Reactive vs proactive. I doubt they reimbursed Bangladesh or any other victim, but they did finally invest in security.
Costs of Bank Cyber Thefts Hit SWIFT Profit Last Year
Hackers stole $81 million from the Bangladesh central bank in February last year after gaining access to its SWIFT terminal and the emergence of other successful and unsuccessful hacks rocked faith in a system previously seen as totally secure.
Despite this, traffic increased on the network last year, hitting an all time peak in June of over 30 million messages.
SWIFT's 2016 profit before tax and rebates to its owner-customers fell by 31 percent to 47 million euros ($53 million), following additional investments in security, the co-operative said in its annual report published on Friday.
Chairman Yawar Shah said that Belgium-based SWIFT -- the Society for Worldwide Interbank Financial Telecommunication -- had linked management goals and incentives to security targets. [Increasingly common. Bob]
SWIFT, which was criticized by some former staff and customers for failing to have spotted weaknesses in its customers' operating practices, has expanded its security teams and developed new tools to help clients monitor transactions and spot anomalies.
Its ability to pre-empt attacks was limited by its customers’ historic failure to share information about hacks, SWIFT said.
A trend, yet not a tidal wave.
Melinda L. McLellan and Robyn M. Feldstein write:
Effective July 23, 2017, Washington will join Illinois and Texas as the third U.S. state to impose statutory restrictions on how businesses collect, use, disclose and retain biometric information. House Bill 1493 applies to entities that “enroll a biometric identifier in a database for a commercial purpose” and includes requirements to provide notice to individuals and obtain their affirmative consent, both prior to enrollment and if the business seeks to sell, lease or otherwise disclose the identifier to a third party.
The new law does not prescribe the exact form of notice and consent, making clear those processes are “context-dependent,” and notably, there is no specific requirement that consent must be written.
Read more on BakerHostetler Data Privacy Monitor.
Yet another sensor placed on a fleet of cars. What else could we detect or measure?
Researchers Use Ridesharing Cars to Sniff Out a Secret Spying Tool
… For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors. They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee—along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport.
… "We wondered, how can we scale this up to cover an entire city?" says Peter Ney, one of the University of Washington researchers who will present the study at the Privacy Enhancing Technology Symposium in July. He says they were inspired in part by the notion of "wardriving," the old hacker trick of driving around with a laptop to sniff out insecure Wi-Fi networks. "Actually, cars are a really good mechanism to distribute our sensors around and cast a wide net."
Perspective. From a 16th Century postal service to oblivion in a mere 400 years?
Chicago cabbies say industry is teetering toward collapse
Cabbies have long grumbled that the sky is falling as they lose ground to ride-sharing companies. Now, cabbies in Chicago are pointing to new data that suggests the decline could be speeding up.
About 42% of Chicago’s taxi fleet was not operating in the month of March, and cabbies have seen their revenue slide for their long-beleaguered industry by nearly 40% over the last three years as riders are increasingly ditching cabs for ride-hailing apps Uber, Lyft and Via, according to a study released Monday by the Chicago cab drivers union.
More than 2,900 of Chicago’s nearly 7,000 licensed taxis were inactive in March 2017 — meaning they had not picked up a fare in a month, according to the Cab Drivers United/AFSCME Local 2500 report. The average monthly income per active medallion — the permit that gives cabbies the exclusive right to pick up passengers who hail them on the street — has dipped from $5,276 in January 2014 to $3,206 this year.
Strange, neither the White House nor Congress is on the list.