WannaCry hero's fraudulent fund to be refunded: The overwhelming majority of money which had been raised to pay for the legal defence of Marcus Hutchins turned out to have been donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, according to Tor Ekeland, the attorney who was managing the fund. https://www.buzzfeed.com/kevincollier/beset-by-fraud-wannacry-heros-legal-fund-refunds-all
Zerodium offers $500K for zero day vulnerabilities in secure messaging apps: Zerodium, a vendor operating in the nebulous exploit acquisition market, has updated its pricing structure to put a premium on zero-day vulnerabilities in secure messaging applications. Remote code execution and local privilege elevation vulnerabilities in WhatsApp, Signal, Facebook Messenger, iMessage, Telegram and others can fetch as much as $500,000. https://goo.gl/7B38g8
FDA recalls half a million pacemakers over hacking fears: Almost half a million people in the United States are being advised to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient's heartbeat, potentially putting half a million patients' lives at risk. http://abbott.mediaroom.com/2017-08-29-Abbott-issues-new-updates-for-implanted-cardiac-devices
New Facebook & Instagram bugs reveal social media risk: Researchers at Kaspersky Lab recently discovered cyberattacks on Instagram and Facebook Messenger intended to steal credentials and spread malware. Both instances demonstrate the potential danger when an attacker seeks power in a social network. https://goo.gl/TVtDX3
Email campaign sends Locky Ransomware to millions: Researchers from two different security firms have identified two mass email campaigns spreading new variants of the Locky ransomware. The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year. https://thehackernews.com/2017/08/locky-ransomware-emails.html
Businesses hit with payment card breaches not fully PCI compliant: Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
The number of businesses achieving full compliance with their annual Payment Card Industry Data Security Standard (PCI DSS) review reached a record 55.4% last year, but nearly half of companies fall out of compliance within a year, according to the Verizon 2017 Payment Security Report released today. https://goo.gl/3vyqkQ
After dodging prison in Germany, Mirai hacker "BestBuy" charged in UK: Daniel Kaye, a 29-year-old hacker also known as BestBuy and Popopret, is appearing in court in the UK to face hacking charges related to his activity as master of one of the biggest Mirai botnets ever assembled. Kaye, from Egham in Surrey, had already pleaded guilty in a German court to infecting routers and IoT devices with the Mirai malware and using it to launch DDoS attacks. https://goo.gl/54hRVf
Bit Paymer ransomware hits Scottish hospitals: Several hospitals in the NHS Lanarkshire board have been hit by a version of the Bit Paymer ransomware. The NHS Lanarkshire board includes hospitals such as Hairmyres Hospital in East Kilbride, Monklands Hospital in Airdrie and Wishaw General Hospital. https://goo.gl/ve8tya
OurMine hacker group defaces WikiLeaks website: WikiLeaks is the latest victim of the notorious OurMine hacker group. The crew defaced WikiLeaks.org and visitors were redirected through a DNS poisoning attack to a page created by OurMine displaying the following messages:
“Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”
Swedish web hosting provider Loopia’s customer database leaked: “Security is very important to Loopia and something we work intensively with every day. On Tuesday, 22 August, Loopia was subjected to a criminal offense. With the attack, the hackers have had access to parts of the customer database, including personal and contact information and encrypted (hashed) passwords to Loopia Kundzon.” reads the announcement.
“The violation has not affected your services such as email, web pages, databases or passwords to your email at Loopia. We also want to emphasize that payment card information is not saved in Loopia’s environment and is thus not affected by the infringement.” http://securityaffairs.co/wordpress/62489/data-breach/loopia-data-breach.html
Google mistake is the root cause of Internet outage in Japan: An error by Google has been found to be the source of a widespread Internet outage in Japan that lasted for about an hour on Friday, August 25. The incident was caused by a BGP route hijack that began at 12:22 PM local Japan time and was fixed by 1:01 PM. http://securityaffairs.co/wordpress/62409/hacking/google-mistakeinternet-outage-japan.html
1 September 2017