A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

First of all, let me inform you that at the #infosec16 SecurityAffairs was awarded as The Best European Personal Security Blog
http://securityaffairs.co/wordpress/48202/breaking-news/securityaffairs-best-european-personal-security-blog.html

THANK YOU!

 

Experts from CloudFlare spotted a new dangerous botnet
US Presidential commission presents recommendations on cybersecurity
Security Affairs newsletter Round 89 – News of the week
Kapustkiy hacked the National Assembly of Ecuador website
Data breach at the Japanese Shiseido, 420,000 users records exposed
Uber asks to track your location even when youre not using the app
Another Russian Bank, the VTB bank, was hit by a cyber attack
85 Million user accounts stolen from the Video-sharing website Dailymotion
Chinese hackers behind the CNACOM campaign hit Taiwan website
Nintendo announced its bug bounty program for 3DS Consoles. Rewards up to $20,000
North Koreans Red Star OS can be easily hacked remotely
Adobe Flash Player flaws remain the most used by Exploit Kits
Argentinian Ministry of Industry hacked by Kapustkiy
Stegano campaign exposed millions netizens via attack code in pixels of ads banners
Dozens of Sony cameras affected by a secret backdoor
An individual hacked back the San Francisco Muni hacker
CVE-2016-8655 – A new 5-Year-Old flaw found in the Linux Kernel
Floki Bot rapidly evolves and targets also PoS data
Employees Provident Fund organisation, India website found INSECURE
Thieving Magpie allows NSA spies to snoop on in-flight mobile calls
A flaw in the Yahoo Email service allowed hackers to access targets emails
Israeli TV broadcast hacked, attackers played Muslim call to prayer
Hackers targeted the heavy industry ThyssenKrupp and stole industrial secrets
Surface Defense DDoS platform – Gamification of attacks
Hacker Interviews – Gabriel Bergel
Popcorn Time ransomware, pay up the ransom or spread it to decrypt the files
Lax Cybersecurity at Nuclear Facilities is a Recipe For Widespread Disaster
Waiting for a fix, stop using Netgear R7000 and R6400 routers to avoid hacks
APT 28 group is ramping up information warfare against Germany

Email address: Hurry up, subscribe to the newsletter, next Sunday you will receive all the news directly in your inbox.I desire to inform you that Security Affairs is now open to sponsored content.
I’ll offer the opportunity to:
•    Insert banners of various sizes in all the posts on Security Affairs.
•    Publish sponsored posts written by the customers that can include any kind of commercial reference.
•    Arrange a monthly/quarterly/annual campaign (for big customers) to advertise customers’ activities and discoveries.
For more info contact me at pierluigi.paganini@securityaffairs.co
Thanks for supporting Security Affairs.

newsletter

Once again thank you!

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 90 – News of the week appeared first on Security Affairs.

Source: securityaffairs

Experts at the Nuclear Industry Summit (NIT) explained how to reduce the risk of damaging cyberattacks at nuclear facilities.

The threat of cyber attacks on nuclear power plants and other nuclear facilities is substantial and on the increase, according to experts at the Nuclear Industry Summit, held earlier in the year. Hackers are becoming more skillful and dangerous in a way that could have a devastating impact on nuclear facilities and grids.

It is imperative that businesses, governments, and regulators make cybersecurity an industry-wide priority. Experts at the Nuclear Industry Summit (NIT) emphasized that hackers have turned their focus on these systems because therein lies the key to causing massive chaos and damage.

The most successful publicly known cyberattack on a nuclear facility utilized malware which caused serious damage to production equipment at an Iranian plant that was enriching nuclear materials. That virus was the infamous Stuxnet, which was able to induce the facility’s centrifuges to spin out of control and break down.

Potential attacks on non-nuclear, major industrial sites is also gravely concerning. For instance, an attack on Ukraine’s electrical grid left thousands of people without power. The attackers used a program called BlackEnergy which targets industrial control systems. According to RegBlog, “cybersecurity threats are an all-too-real risk for many buildings and electric grids connected to the Internet. According to a U.S. Department of Homeland Security report, although ‘the energy sector only represents 5-6 percent of U.S. GDP, the energy industry is subject to roughly 32 percent of all cyberattacks.”

In October, Yukiya Amano, Director-General of the International Atomic Energy Agency (IAEA), United Nations (UN) nuclear watchdog, a nuclear power plant in Germany was hit by a “disruptive” cyber attack two to three years ago.

At that time, Security Affairs noted that it was not the first time that news of a cyber attack on a nuclear plant had been announced. There had already been three publicly known attacks against nuclear plants:

Nuclear Facilities

To make matters worse, it is also believed that ISIS hackers could target European nuclear power stations. This warning was issued by the UN in October. The organization’s nuclear watchdog group indicated that cyber cyberjihadis will attempt to hack into any vulnerable installations in their quest to commit large-scale acts of terrorism.

According to The Sun, the Brussels bombers had previously researched attacking a Belgian power plant prior to their deadly suicide attack on the capital’s airport and metro.

“International security experts have warned that as their territorial dominance abates, they will focus more of their attention on cyber terror.

Though blowing up a nuclear power station is still thought to be beyond the capabilities of most militant groups at present some vulnerabilities could still be exploited, boffins warned.

Belgium’s nuclear plants are a potential target, according to European Union officials. But, countries are not prepared to handle nuclear facility attacks and the nuclear industry continues to underestimates cyber security risk–the components of a recipe for a nuclear disaster.

A report published this week, by the Nuclear Threat Initiative (NTI), outlines a set of recommendations for improving cyber security at nuclear facilities. The recommendations are based on 12-months of analysis by an international group of technical and operational experts.

One of the most crucial recommendations involves efforts to essentially institutionalize cybersecurity. Nuclear facilities would need to learn from their safety and physical security programs, as well as integrate these methods into their cybersecurity programs.

In addition to institutionalizing cybersecurity, the following was also recommended:

  • Governments and regulators are encouraged to assist by prioritizing the development and implementation of regulatory frameworks, in addition to attracting skilled people into this field.
  • Employ active defenses. Experts caution that a determined adversary will likely be capable of breaching the systems of a nuclear facility, so organizations must be prepared and capable of responding to such incidents.
  • Threat information should be shared, incidence response exercises conducted, more resources obtained from governments and active defense capabilities developed.
  • Digital systems should be designed with less complexity.
  • Engage in research which will lead to the development of difficult to hack systems. Ideally, this would include governments “investing in transformative research, the nuclear industry supporting the cybersecurity efforts of relevant organizations, and international organizations encouraging creativity for mitigating cyber threats.”

While these recommendations are being carried out, emphasis should be placed on the human element. The Stuxnet incident demonstrates how a tenacious hacker can overcome cyber protection efforts simply by targeting vulnerable employees.

Ryan Kalember, of Proofpoint, a cybersecurity firm, has remarked that, “the lesson from that is that people are always the weak link in the [cybersecurity] chain.”

Written by: CandiceLanier

candicelanierAuthor Bio:

Candice Lanier is Chief of Security at BlackOps Cyber, an intelligence agency specializing in counterterrorism, cybercrime and Darknet operations. She is a former member of GhostSec, a group of ethical hackers focused on counterterrorism, which merged with BlackOps Cyber. Candice also writes for RedState, The Christian Post, The Blacksphere and Medium.
medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – Nuclear Facilities, cyber security)

The post Lax Cybersecurity at Nuclear Facilities is a Recipe For Widespread Disaster appeared first on Security Affairs.

Source: securityaffairs

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

First of all, let me inform you that at the #infosec16 SecurityAffairs was awarded as The Best European Personal Security Blog
http://securityaffairs.co/wordpress/48202/breaking-news/securityaffairs-best-european-personal-security-blog.html

THANK YOU!

Donald Trump will control the NSA – what this means for your privacy
Pawn Storm APT conducted spear-phishing attacks before zero-days was fixed
BlackNurse attack, how to knock big servers offline with a laptop
Security Affairs newsletter Round 86 – News of the week
AdultFriendFinder company data breach exposes 412 million accounts
Russia is going to ban LinkedIn after court ruling. Whats next?
Were the Recent Arrests in Ohio Part of ISIS Catastrophic Plan for the US?
The hacker Kapustkiy continues to target embassies and universities
NIST Small Business Information Security guide for Small businesses
CVE-2016-7461 code execution flaw affects VMware Workstation
Ransomware: How to recover your encrypted files, the last guide.
CrySis ransomware decryption keys published online
Experts spotted a secret backdoor in Android phones that sends data to China
Hacker behind Spamhaus attack will not spend any time in the jail
The Carbanak gang is now targeting the healthcare industry
CVE-2016-4484 Hold down the Enter key for 70 sec to gain a Linux Root shell
OurMine hackers hacked Mark Zuckerbergs online accounts for the second time
PoisonTap hacking tool can compromise any password-protected PC
The Carbanak gang is now targeting the hospitality industry
CryptoLuck Ransomware spread through the RIG-E Exploit Kit
Hacker Interview – Kapustkiy
How to Bypass iPhone Passcode and access personal data on the device
Three Mobile cyber data breach, six million customers private data at risk
Drupal releases security updates to fix four vulnerabilities in versions 7, 8
Are you an iPhone user? Your call history is uploaded on iCloud too
Kapustkiy breached an Italian Government website, exposing 9,000 of 45,000 records
Mirai botnet leverages STOMP Protocol to power DDoS attacks
How the Mirai botnet hacks a security camera in a few seconds
GeekedIn service exposed 8 million GitHub profiles online

Email address: Hurry up, subscribe to the newsletter, next Sunday you will receive all the news directly in your inbox.I desire to inform you that Security Affairs is now open to sponsored content.
I’ll offer the opportunity to:
•    Insert banners of various sizes in all the posts on Security Affairs.
•    Publish sponsored posts written by the customers that can include any kind of commercial reference.
•    Arrange a monthly/quarterly/annual campaign (for big customers) to advertise customers’ activities and discoveries.
For more info contact me at pierluigi.paganini@securityaffairs.co
Thanks for supporting Security Affairs.

newsletter

Once again thank you!

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 87 – News of the week appeared first on Security Affairs.

Source: securityaffairs