Global Cyber News Digest

How to address IoT security risks in the healthcare industry

Source: Tahawultech.com By: Cyber Resilient Group 14August2019

* There has been a surge in the number of cyber-attacks on the healthcare industry in the past five years affecting more than 100 million people worldwide such as Anthem medical, NHS-UK and last year Singapore government's health database.
* IoT vulnerabilities are scanned by cybercriminals at a frenetic pace than ever before. As per one of the AT&T experts there has been a dramatic 458 percent increase in IoT vulnerability scans against devices.

A cybercriminal covered all his tracks-and then he verified his PayPal account

Source: Quartz By: Justin Rohrlich 15August2019

* At the beginning of May, a San Francisco-based tech firm called Scale AI contacted the FBI after discovering its internal computer network had been compromised. Roughly $40,000 had been drained out of its accounts, $140 at a time.
* Law enforcement is under constant pressure to keep up with fast-changing technologies and the corresponding strategies hackers use to get past the latest safeguards and protections. Yet, with just about every aspect of modern life networked together in one way or another, it is extremely difficult to carry out a cybercrime today without leaving clues.

700,000 Choice Hotels records leaked in data breach, ransom demanded

Source: ZDNet By: Charlie Osborne 15August2019

* 700,000 records belonging to Choice Hotels have reportedly been stolen with hackers demanding payment for their return.
* According to Choice Hotels, the bulk of the records was only test information, including the payment card, password, and reservation fields; however, 700,000 records were genuine and contained information on guests such as names, email addresses, and phone numbers.

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

Source: Threat Post
By: Tara Seals
Published: August 15, 2019

* A targeted spearphishing campaign has hit an organization in the energy sector - after using a savvy trick to get around the company's Microsoft email security stack. * The email was legitimately sent by Google Drive to employees - but it had one big "tell" - the email address didn't fit the email naming convention of the targeted company. But most employees wouldn't take the time to check that...

40 percent of children have connected with a stranger online, shocking survey reveals

Source: FOX News By: Christopher Carbone 14August2019

* In the survey, which was conducted by the Center for Cyber Safety and Education in partnership with Booz Allen Hamilton, researchers wanted to determine where kids use the internet without adult supervision, whether they've been taught the basics of internet safety, which websites and apps they visit or use, and what their interactions with strangers were like. * Of the 40 percent, the study found that more than half revealed their phone number to a stranger, one-fifth spoke with a stranger over the phone and 11 percent went as far as to meet a stranger in their own home, the stranger's home, a park, mall or restaurant.

US Cyber Command has publicly posted malware linked to a North Korea hacking group

Source: TechCrunch
By: Zack Whittaker
Published: August 15, 2019

* U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers. * The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely used database for malware and security research.

Cyber criminal collaboration intensifies

Source: ComputerWeekly.com By: Warwick Ashford 14August2019

* The level of cooperation between high-profile cyber threat groups has shifted up a gear, enabling a higher level of automation and making attribution more difficult, research shows.
* Closer relationships between these groups has resulted in a greater degree of sharing tools, which in turn is making it more difficult to identify which group is behind any particular cyber attack, according to the latest Cyber threatscape report from professional services firm Accenture.

How phishing attacks trick our brains

Source: MIT Technology Review By: Patrick Howell O'Neill 8August2019

* It's simple and effective: getting someone to click a malicious link in an email and enter private information such as a password is the most important skill in many hackers' toolkits. Phishing is the most common form of cyberattack and still growing.
* And the reason it's so effective, according to research being done at Google and the University of Florida, is that it takes advantage of how the human brain works-and, crucially, how people fail to detect deception, depending on factors like emotional intelligence, cognitive motivation, mood, hormones, and even the victim's personality.

These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

Source: Vice By: Joseph Cox 10August2019

* It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.
* "It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," the security researcher known as MG who made these cables told Motherboard after he showed me how it works at the annual Def Con hacking conference.

Zero-day flaw found in building control system

Source: ITProPortal By: Michael Moore 12August2019

* McAfee warns the vulnerability could allow full access to building systems.
* Hackers could be able to hack into an entire building due to a worrying security flaw in a popular management software, researchers have revealed.
* According to new analysus from McAfee, a vulnerability in a commonly used Delta industrial control system that could allow criminals to gain complete control and gain access to all a building's services.