Security News
The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
The Kremlin on Tuesday denied US claims that Russian military intelligence was behind cyber attacks targeting Ukraine's power grid, the 2017 French election and the 2018 Winter Olympic Games. President Vladimir Putin's spokesman Dmitry Peskov described US charges against six Russian intelligence officers as "Rampant Russophobia which, of course, have nothing to do with reality."
Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings. Targeted South Koreans, athletes, the International Olympic Committee officials, and more, with spear-phishing and malicious mobile apps in the run-up to the 2018 Winter Olympics in Pyeongchang, South Korea.
Prizes for bad actors can be access to stolen data and tools to make hacks easier, according to new research from Trend Micro. Cybercriminals have put their own spin on passing time with online rap battles, poker tournaments, poem contests, and In-person sport tournaments.
Five researchers hacked Apple Computer's networks - not their products - and found fifty-five vulnerabilities. They have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone's iCloud account and then do the same to the victim's contacts.
A Russian national was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. The man, Yevgeniy Aleksandrovich Nikulin, who will turn 33 next month, was charged in 2016 for using stolen employee credentials to access without authorization the systems of LinkedIn, Dropbox and Formspring.
As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly.
Russia has taken the unusual step of posting a proposal for a new information security collaboration with the United States of America, including a no-hack pact applied to electoral affairs. The document, titled "Statement by President of Russia Vladimir Putin on a comprehensive program of measures for restoring the Russia - US cooperation in the filed [sic] of international information security", opens by saying "One of today's major strategic challenges is the risk of a large-scale confrontation in the digital field" before adding: "A special responsibility for its prevention lies on the key players in the field of ensuring international information security."
A Maryland man was sentenced to 12 months and one day in prison for hacking into and damaging the computers of his former employer. Employed at the company's Washington office, Stafford provided IT technical support to the organization's Washington, McLean, Virginia, and Baltimore offices.
The New York Times wrote about a still-unreleased report from Chckpoint and the Miaan Group: The reports, which were reviewed by The New York Times in advance of their release, say that the...