<?xml version="1.0"?>
<rss version="2.0">
   <channel>
<title>Security News</title>
      <link>http://liftoff.msfc.nasa.gov/</link>
      <description>Security News to keep you updated.</description>
      <language>en-us</language>
      <pubDate><?php echo date("D, j M Y H:i:s e") ?></pubDate>
      <lastBuildDate><?php echo date("D, j M Y H:i:s e") ?></lastBuildDate>
      <docs>http://www.dataway.com</docs>
      <generator>Delano Editor 2.0</generator>
      <managingEditor>webmaster@dataway.com</managingEditor>
   
   <webMaster>webmaster@dataway.com</webMaster>
<item>
<title>Deloitte hit by cyber-attack revealing clients&#8217; secret emails</title>
<description>One of the world&#8217;s &#8220;big four&#8221; accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.</description>
<pubDate>2017-09-27 10:38:50</pubDate>
<link>https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails</link>
</item>
<item>
<title>S.E.C. Hacking Response Provides Road Map for Compromised Companies</title>
<description>Guess whose database was hacked, exposing sensitive information that could be used for illegal profit, but who failed to disclose that information to the public in a timely manner? If you picked Equifax, which disclosed a breach on Sept. 7 that resulted in the theft of personal financial information of as many as 143 million Americans, you would only be half right.</description>
<pubDate>2017-09-26 13:37:52</pubDate>
<link>https://www.nytimes.com/2017/09/26/business/dealbook/sec-hack.html</link>
</item>
<item>
<title>Alabama county officials paid as much as $50K in ransom to hackers for stol</title>
<description>Montgomery County, Alabama, the victim of a ransomware attack that began last week, paid hackers a ransom of up to $50,000 to retrieve stolen data, county officials confirmed to FOX Business on Monday. &#8220;Montgomery County&#8217;s IT Director, Lou Ialacci, said his team worked tirelessly to retrieve the data, but ultimately the county had to pay the ransom in order to retrieve the 60-70 terabytes of data. We paid half Saturday and received half of the data and then paid the remaining on Sunday,&#8221; a spokesperson for the Montgomery County Commission said in a statement to FOX Business.</description>
<pubDate>2017-09-26 13:36:42</pubDate>
<link>http://www.foxbusiness.com/features/2017/09/25/alabama-county-officials-paid-as-much-as-50k-in-ransom-to-hackers-for-stolen-data.html</link>
</item>
<item>
<title>Downloaded CCleaner lately? Oo, awks... it was stuffed with malware</title>
<description>Antivirus firm Avast has admitted inadvertently distributing a trojanised version of CCleaner, a popular PC tune-up tool, for nearly a month, infecting an estimated 2.27 million users. Cisco Talos discovered that servers distributing the program were leveraged to deliver malware to unsuspecting victims.</description>
<pubDate>2017-09-18 10:43:02</pubDate>
<link>https://www.theregister.co.uk/2017/09/18/tainted_ccleaner_downloads/</link>
</item>
<item>
<title>Democratic senators are introducing a bill that would let people freeze the</title>
<description>Massachusetts Senator Elizabeth Warren and 11 other Democratic senators introduced a bill this week that could give people the ability to freeze their credit for free. Warren also announced that she's sent letters to the country's three biggest credit reporting firms (Equifax, TransUnion, and Experian), the FTC, the Consumer Financial Protection Bureau, and the Government Accountability Office in an effort to kickstart an investigation into Equifax's monumental data breach that affected more than 140 million Americans.</description>
<pubDate>2017-09-15 15:52:42</pubDate>
<link>https://www.theverge.com/2017/9/15/16316030/equifax-data-breach-credit-freeze-cost</link>
</item>
<item>
<title>Failure to patch two-month-old bug led to massive Equifax breach</title>
<description>The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more than two months earlier, officials with the credit reporting service said Thursday.</description>
<pubDate>2017-09-14 09:40:58</pubDate>
<link>https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/</link>
</item>
<item>
<title>China sets up first 'commercial' quantum network for secure communications</title>
<description>China has set up its first &#8220;commercial&#8221; quantum network in its northern province of Shandong, state media said, the country&#8217;s latest step in advancing a technology expected to enable &#8220;hack proof&#8221; communications. China touts that it is at the forefront of developing quantum technology. In August it said it sent its first &#8220;unbreakable&#8221; quantum code from an experimental satellite to the Earth. The Pentagon has called the launch of that satellite a year earlier a &#8220;notable advance&#8221;.</description>
<pubDate>2017-09-13 10:25:54</pubDate>
<link>https://www.reuters.com/article/us-china-quantum/china-sets-up-first-commercial-quantum-network-for-secure-communications-idUSKCN1BO0CT?il=0</link>
</item>
<item>
<title>Security warning over hospital syringe pumps</title>
<description>Syringe pumps used in hospitals around the world have flaws hackers could exploit to change the dosages being delivered to patients. Security researcher Scott Gayou found eight separate flaws in the MedFusion 4000 pump made by Smiths Medical. His discovery led the US Department of Homeland Security (DHS) to issue a warning about the danger this posed. Smiths plans to fix devices by early 2018 and said it was "highly unlikely" any hackers would exploit the flaws.</description>
<pubDate>2017-09-13 10:24:55</pubDate>
<link>http://www.bbc.com/news/technology-41242354</link>
</item>
<item>
<title>Billions of devices imperiled by new clickless Bluetooth attack</title>
<description>Over the past decade, Bluetooth has become almost the default way for billions of devices to exchange data over short distances, allowing PCs and tablets to transfer audio to speakers and phones to zap pictures to nearby computers. Now, researchers have devised an attack that uses the wireless technology to hack a wide range of devices, including those running Android, Linux, and, until a patch became available in July, Windows.</description>
<pubDate>2017-09-13 10:23:40</pubDate>
<link>https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/</link>
</item>
<item>
<title>Equifax data leak could involve 143 million consumers</title>
<description>Data leaks have become so commonplace that it&#8217;s to become numb to them, but credit reporting service Equifax announced a doozy today that when all is said and done could involve 143 million consumers. This is bad. It was a treasure trove of information for the bad guys out there and included Social Security numbers, birth dates, addresses and, in some instances, driver&#8217;s license numbers. As though that weren&#8217;t bad enough, 209,000 people had their credit card info leak and the breach also included dispute documents with personally identifying information from 182,000 consumers.</description>
<pubDate>2017-09-07 14:02:28</pubDate>
<link>https://techcrunch.com/2017/09/07/equifax-data-leak-could-involve-143-million-consumers/?ncid=mobilenavtrend</link>
</item>
<item>
<title>Hackers gain entry into U.S., European energy sector, Symantec warns</title>
<description>Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies&#8217; operations, according to researchers at the security firm Symantec.</description>
<pubDate>2017-09-06 12:56:50</pubDate>
<link>https://www.reuters.com/article/us-usa-cyber-energy/hackers-gain-entry-into-u-s-european-energy-sector-symantec-warns-idUSKCN1BH171</link>
</item>
<item>
<title>Banner Day for Botnets: 1,700 IoT Credentials Leaked</title>
<description>A list of login credentials for home routers and more than 1,700 internet of things (IoT) devices has been published on Pastebin. The list contains user names and passwords for 8,233 unique IP addresses, 2,174 of which were still running open Telnet servers as of the end of last week. Victor Gevers, chairman of the GDI Foundation, told Ars Technica that out of those, 1,774 remain accessible using the credentials.</description>
<pubDate>2017-08-29 10:53:48</pubDate>
<link>https://www.infosecurity-magazine.com/news/banner-day-for-botnets-1700-iot/</link>
</item>
<item>
<title>FBI reportedly advising companies to ditch Kaspersky apps</title>
<description>Kaspersky Lab's tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky's products by government agencies.</description>
<pubDate>2017-08-21 15:27:54</pubDate>
<link>https://www.engadget.com/2017/08/21/fbi-kaspersky-lab-private-sector/</link>
</item>
<item>
<title>Scientists successfully infiltrate computer using malware coded into DNA</title>
<description>In what reads like science fiction becoming reality, researchers at the University of Washington have been able to successfully infect a computer with malware coded into a strand of DNA. In order to see if a computer could be compromised in that way, the team included a known security vulnerability in a DNA-processing program before creating a synthetic DNA strand with the malicious code embedded. A computer then analyzed the &#8220;infected&#8221; strand, and as a result of the malware in the DNA, the researchers were able to remotely exploit the computer.</description>
<pubDate>2017-08-11 15:51:37</pubDate>
<link>https://www.theverge.com/2017/8/11/16130568/scientists-infiltrate-computer-malware-code-dna</link>
</item>
<item>
<title>Industroyer Malware Detected, Linked to Kiev Attack</title>
<description>Malware which has the ability to take down a city's electrical and power grid has been detected. Named 'Industroyer', the malware was identified after an attack on Kiev in 2016 and analysis by ESET of the malware has found that it is capable of controlling electricity substation switches and circuit breakers directly.</description>
<pubDate>2017-06-12 12:17:42</pubDate>
<link>https://www.infosecurity-magazine.com/news/industroyer-malware-kiev-attack/</link>
</item>
<item>
<title>Malware infecting 250 million devices could be a 'catastrophe'</title>
<description>An invasive form of malware believed to be attached to a Chinese firm could spell "global catastrophe," according to the cybersecurity firm that discovered it. The software has the power to gain near-complete control of targets, including spying on files.</description>
<pubDate>2017-06-02 12:37:43</pubDate>
<link>http://www.digitaljournal.com/tech-and-science/technology/chinese-fireball-malware-could-cause-global-catastrophe/article/494064</link>
</item>
<item>
<title>Most Chipotle Restaurants Hacked with Credit Card Stealing Malware</title>
<description>A cybersecurity attack that hit most Chipotle restaurants allowed hackers to steal credit card information from customers, the burrito chain confirmed. The company first acknowledged the breach on April 25. But a blog post on Friday revealed the kind of malware used in the attack and the restaurants that were affected.</description>
<pubDate>2017-05-30 13:03:25</pubDate>
<link>http://kron4.com/2017/05/28/most-chipotle-restaurants-hacked-with-credit-card-stealing-malware/</link>
</item>
<item>
<title>Hackers Hide Cyberattacks in Social Media Posts</title>
<description>It took only one attempt for Russian hackers to make their way into the computer of a Pentagon official. But the attack didn&#8217;t come through an email or a file buried within a seemingly innocuous document.</description>
<pubDate>2017-05-30 10:41:17</pubDate>
<link>https://www.nytimes.com/2017/05/28/technology/hackers-hide-cyberattacks-in-social-media-posts.html</link>
</item>
<item>
<title>Check Point boosts cloud-security education to help IT security pros</title>
<description>Check Point is investing heavily in educating IT pros about the cloud, not only to promote their own cloud security products but to give potential customers the skills they&#8217;ll need to keep their jobs as their employers move more and more resources to public cloud providers.</description>
<pubDate>2017-05-10 10:50:14</pubDate>
<link>http://www.networkworld.com/article/3195828/security/check-point-boosts-cloud-security-education-to-help-it-security-pros-stay-relevant.html</link>
</item>
<item>
<title>Cisco patches switch hijacking hole &#8211; the one exploited by the CIA</title>
<description>Cisco has patched a critical security flaw in its switches that can be potentially exploited by miscreants to hijack networks &#8211; a flaw disclosed in the Vault 7 leak of CIA files.</description>
<pubDate>2017-05-09 14:20:59</pubDate>
<link>https://www.theregister.co.uk/2017/05/09/cisco_switches_patch_telnet_command/</link>
</item>
<item>
<title>Google Docs users hit with sophisticated phishing attack</title>
<description>If someone invites you to edit a file in Google Docs today, don&#8217;t open it &#8212; it may be spam from a phishing scheme that&#8217;s been spreading quickly this afternoon. As detailed on Reddit, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen, then asks them to &#8220;continue to Google Docs.&#8221; But this grants permissions to a (malicious) third-party web app that&#8217;s simply been named &#8220;Google Docs,&#8221; which gives phishers access to your email and address book.</description>
<pubDate>2017-05-03 15:10:46</pubDate>
<link>https://www.theverge.com/2017/5/3/15534768/google-docs-phishing-attack-share-this-document-with-you-spam</link>
</item>
<item>
<title>NSA Zero-Day DoublePulsar Exploit Found Actively Wreaking Havoc On PCs</title>
<description>We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously.</description>
<pubDate>2017-04-25 14:39:32</pubDate>
<link>http://hothardware.com/news/nsa-doublepulsar-exploit-found-wreaking-havoc-on-windows-pcs</link>
</item>
<item>
<title>Unroll.me head 'heartbroken' that users found out it sells their inbox data</title>
<description>The chief executive of email unsubscription service Unroll.me has said he is &#8220;heartbroken&#8221; that users felt betrayed by the fact that his company monetizes the contents of their inbox by selling their data to companies such as Uber.</description>
<pubDate>2017-04-24 14:22:36</pubDate>
<link>https://www.theguardian.com/technology/2017/apr/24/unrollme-mail-unsubscription-service-heartbroken-sells-user-inbox-data-slice</link>
</item>
<item>
<title>HACKERS DEMAND APPLE PAY UP OR MILLIONS OF ICLOUD ACCOUNTS WILL BE WIPED</title>
<description>A group of hackers is allegedly trying to extort Apple by holding Apple customers&#8217; data for ransom and threatening to remotely wipe iCloud accounts connected to both iPhones and iPads if those ransoms are not paid.</description>
<pubDate>2017-03-22 14:09:09</pubDate>
<link>http://www.digitaltrends.com/mobile/apple-hack-ransom-news/</link>
</item>
<item>
<title>A simple command allows the CIA to commandeer 318 models of Cisco switches</title>
<description>Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control of the devices. There currently is no fix.</description>
<pubDate>2017-03-21 16:40:40</pubDate>
<link>https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/</link>
</item>
<item>
<title>Xbox, Skype, Outlook, and more recover from another outage</title>
<description>Microsoft's wide range of online services suffered a second outage this month. Services like Xbox Live, Outlook.com, Skype, OneDrive, and Microsoft&#8217;s Windows Store prevented users from signing into accounts for nearly two hours today. The Verge tested a number of accounts, and can confirm that services were experiencing widespread issues.</description>
<pubDate>2017-03-21 16:39:49</pubDate>
<link>http://www.theverge.com/2017/3/21/15009940/microsoft-account-second-outage-march-2017</link>
</item>
<item>
<title>Microsoft Windows 10 has a keylogger enabled by default</title>
<description>Many Windows 10 users are unknowingly sending the contents of every keystroke they make to Microsoft due to an enabled-by-default keylogger. This function has been around since the beginning of Windows 10, and is a prime example of why you should never go through the default install process on any Operating System.</description>
<pubDate>2017-03-21 16:38:46</pubDate>
<link>https://www.privateinternetaccess.com/blog/2017/03/microsoft-windows-10-keylogger-enabled-default-heres-disable/</link>
</item>
<item>
<title>WikiLeaks promises to supply CIA's hacking tool code to vendors</title>
<description>WikiLeaks has promised to release software code of CIA hacking tools to tech firms.

The promise from chief Wikileaker Julian Assange - now ensconced in Ecuador's London embassy for four and a half years - came on Thursday during an internet-streamed press conference on Vault 7, its recent CIA cyber-weapons documents dump.</description>
<pubDate>2017-03-14 16:44:30</pubDate>
<link>https://www.theregister.co.uk/2017/03/10/wikileaks_to_pass_cia_hack_code_vendor_patching/</link>
</item>
   </channel>
</rss>
