Global Cyber News Digest

10 times malware proved that MacOS isn't bulletproof

Source: SecurityBrief
By: Sara Barker
Published: July 8, 2019
* In the first six months of 2019 there have been at least ten types of malware specifically targeting macOS, indicating that Mac users need to come to terms with the fact that their devices are not immune from attack. * According to security firm SentinelOne's Phil Stokes, cybercriminals are targeting Apple's Mac platform more often - and they're exploiting it.

Microsoft Windows vulnerability BlueKeep could bring the new WannaCry, so are you safe?

Source: ABC News
By: Elise Thomas
Published: July 8, 2019
* While Australians were sleeping, someone on the other side of the world opened an email attachment. That was all it took. * The virus was indiscriminate, hitting everything from French car manufacturers and German railways to Russian banks, from ATMs in India and hospitals in the UK to a mall in Singapore, causing billions of dollars of damage globally.

INM data breach was not for cost-cutting exercise

Source: Irish Times
By: Charlie Taylor
Published: July 8, 2019
* Deloitte inquiry concludes data interrogation was not for reason claimed by Leslie Buckley * The alleged data breach at Independent News & Media, in which thousands of emails from journalists, senior staff and advisers were accessed, was not carried out for the reasons originally claimed by the publisher, a new report has found.

HACKER LEXICON: WHAT IS CREDENTIAL DUMPING?

Source: Wired
By: Andy Greenberg
Published: July 7, 2019
* In many modern hacking operations, the difference comes down to atechnique known as 'credential dumping.'
* The term refers to any means of extracting, or 'dumping,' userauthentication credentials like usernames and passwords from a victimcomputer, so that they can be used to reenter that computer at will andreach other computers on the network.

Even UK's Largest Police Forensics Contractor Isn't Safe From Ransomware

Source: Uber Gizmo
By: Adnan Farooqui
Published: July 7, 2019
* We have been reading about towns in Florida being attacked by ransomware recently. Hackers use this malware to lock down the town's data and don't give it back until a ransom is paid in bitcoin. * The very same thing has happened to Eurofins Scientific, the United Kingdom's largest police forensics lab contractor. It has also paid a ransom to hackers in order to regain access to its data which had been encrypted by the ransomware.

7-Eleven Japan's weak app security led to a $500,000 customer loss

Source: Engadget
By: Mariella Moon
Published: July 6, 2019
* 7-Eleven Japan's mobile payment app had such poor securitymeasures, the company had to shut it down just a couple of days after itsrelease.
* In an announcement explaining the issue, the company admittedthat hackers were able to break into 900 users' accounts and to charge 55million yen ($507,000) in illegal purchases to their debit and credit cardson file within that period, from July 1st when the 7pay app rolled out toJuly 3rd when the service was shut down.

UCSD doctor resigns amid questions about undisclosed Chinese businesses

Source: iNewsSource
By: Brian Stauffer
Published: July 6, 2019

* A renowned UCSD eye doctor who is part of a Chinese recruitment program under FBI scrutiny has resigned amid inewsource's questions about his foreign government affiliations and businesses.
* Kang Zhang, the former chief of eye genetics at the UCSD Shiley Eye Institute, is a member of the Thousand Talents Program, which the FBI says incentivizes scientists to illegally take intellectual property developed at U.S. universities to China. The purpose, authorities say, is to advance the country's 'scientific, economic, and military development goals.'

Man Gets Prison For DDoSing Steam, EA, Microsoft, Sony, Nintendo, DOTA2, Riot Games

Source: Fossbytes
By: Aditya Tiwari
Published: July 5, 2019
* In one of its kind acts, a Utah-based man named Austin Thompson(23) is going to prison for launching DDoS attacks on servers of variousgaming companies.
* The hacker, who goes by the online moniker DerpTrolling,compromised the servers of Microsoft Xbox, Sony Play Station, Quake Live,DOTA2, League of Legends, and Steam between December 2013 and January 2014.

What the ransomware attack debate is missing

Source: The Hill
By: KIERSTEN E. TODT AND ROGER W. CRESSEY
Published: July 5, 2019
* High-profile attacks against Atlanta, Baltimore and now RivieraBeach, Lake City and Key Biscayne in Florida expose the challengesgovernors, mayors and local leaders confront in deciding whether to pay aransom to cyber criminals to regain control of their data.
* Arguments have been made that no government official should pay aransom (Atlanta), that the federal government is to blame for allowingcyber attack tools to be stolen and released on the internet (Baltimore),and that paying a ransom is the only option (Riviera Beach).

Incident Of The Week: Dominion National Finds Evidence of Data Breach Nearly a Decade Later

Source: Cyber Security Hub
By: Kayla Matthews
Published: July 5, 2019
* In late April 2019, Dominion National investigated an internalalert with the assistance of an outside cybersecurity firm.
* The results showed that unauthorized parties could have hadaccess to some of the companies servers since August 25, 2010.