Week in review: DoS attacks against hard disk, ethical hacking, and the rise of ransom hacks

Here’s an overview of some of last week’s most interesting news and articles:

Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromised
Hackers have breached the systems of the Southern and Eastern Norway Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with personal information and health records of some 2.9 million Norwegians.

What is the impact and likelihood of global risks?
Based on the opinions of almost 1,000 global experts and decision-makers, the top 5 global risks in 2018 in terms of likelihood are extreme weather events, natural disasters, cyber attacks, data fraud or theft, and failure of climate-change mitigation and adaptation.

Researchers uncover mobile, PC surveillance platform tied to different nation-state actors
The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia.

Internet of Things security issues bleed into 2018
The great majority of the new IoT security schemes proposed do not work to protect the devices already installed within your networks, and the many competing and new ideas for protecting IoT are still years away from volume deployment. This combination of perpetually-connected and never secure makes IoT devices the perfect storm of opportunity for cyberattackers.

Infosec expert viewpoint: Google Play malware
Researchers routinely discover a variety of malicious apps on Google Play, some of which have been downloaded and installed on millions of devices worldwide. Here’s what infosec experts think about the security of Google Play, what they think Google should do better, and what users can do in order to protect themselves from malicious apps on the official Android app store.

Is ethical hacking more lucrative than software engineering?
HackerOne published its 2018 Hacker Report, which examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries.

Insights from 700M thwarted cyberattacks show how the fight against cybercrime has intensified
Fraudsters are no longer looking to make a quick buck from stolen credit cards. Instead, they are targeting more ambitious attacks that produce long-term profits, leveraging sets of stolen identity data.

Abandoned by Microsoft, Equation Editor gets “security-adopted” by micropatch pros
Last week, Microsoft did away with Equation Editor, a tool that has been part of Microsoft Office for over 17 years. The reason behind the move? A remote code execution vulnerability actively exploited in the wild.

Stackhackr: Free malware simulation tool
Stackhackr lets you create and customize your own mock malware that simulates malicious behavior — without actually doing any harm on your machine. It’s a quick and safe way to find out whether your company’s machines are vulnerable to real attacks.

Why GDPR will drive a best practice approach
When GDPR was first discussed, many feared that it would force businesses to act more insular and become more defensive about their data. Thankfully, the reality has been very different. Instead we’ve seen a new willingness to work together with partners and specialist cloud providers. Now it looks likely that this collaboration will help to carve out a best practice approach towards GDPR.

DoS attacks against hard disk drives using acoustic signals
The effectiveness of the attack hinges on the attacker’s capability to create the acoustic signal close to the target device, in a way that causes significant vibrations in the drives’ internal components.

The role of trust in security: Building relationships with management and employees
Management may put in place a new security framework, document all new procedures, train staff, and even get an independent certification, but all of this will accomplish nothing if other employees continue to do what they were doing in the first place.

eBook: 5 emerging rail cybersecurity standards
With massive capital investments in rail infrastructure and technology, many countries understand that it’s time cybersecurity standards prescribe technology that prevents cyberattacks from entering critical signaling and control networks. Unidirectional Gateway technology has featured throughout these standards as best practice for protecting control networks. Download Waterfall’s eBook detailing global rail standards’ view on industrial control systems cybersecurity and Unidirectional Gateway technology.

US hospital paid $55,000 ransom to hackers despite having backups
A US hospital has decided to pay a ransom of 4 bitcoin to regain access to some 1,400 files locked by attackers.

HITB Security Conference in Amsterdam to feature innovative research on attack and defense topics
The agenda for Day 1 of the 9th annual HITB Security Conference in The Netherlands has been announced and it’s packed with cutting edge research on a range of attack and defense topics from crypto currencies to fuzzing and more.

Vulnerability in ISC BIND leads to DoS
The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network.

Global IT spending to reach $3.7 trillion in 2018
Cybersecurity spending is receiving more direct attention from leadership and boards across the world.

The rise of ransom hacks, and the potential impact on your business
The percentage of companies reporting financially motivated cyber attacks has doubled over the past two years, with 50% of companies experiencing a cyber attack motivated by ransom in the past year.

Satori variant hacks into mining rigs, steals ETH by replacing wallet address
Qihoo 360 Netlab researchers warn about a new variant of the Satori malware that apparently goes after ether (ETH) mining rigs.

Apple updates iOS security guide
This latest iteration of the gude contains more and updated details about Apple Pay Cash, security certifications and programs, Touch ID and Face ID, Shared Notes, CloudKit end-to-end encryption, TLS, Apple Pay, Paying with Apple Pay on the web, Siri Suggestions, and the Shared iPad feature.

New infosec products of the week​: January 19, 2018
A rundown of infosec products released last week.

More about

Don't miss