Cyber security expert issues bizarre warning that sex robots could be easily hacked and made to KILL their owners

All The Top IT Security News. View this email in your browser Monday 11th September 2017 We collect the news so that you don't have to! Cyber security expert issues bizarre warning that sex robots could be easily hacked and made to KILL their owners A cybersecurity buff has issued a bizarre warning that sex robots could one day rise up and KILL their owners if hackers can get inside their heads. Last month, tech billionaire Elon Musk claimed that artificial intelligence could take over the planet, and he's not the only one concerned about the dangers of killer tech. With sex robots becoming increasingly popular and sophisticated, Cyber security lecturer Dr Nick Patterson revealed that the lifelike dolls could end up going all Terminator on us. However, in the case of sex robots, the danger isn't that the love dolls will end up developing minds of their own, Westworld-style. Instead, the risk is that hackers could breach the realistic robots' inner defences and catch out their owners with their pants down. http://www.itsecurityguru.org/2017/09/11/cyber-security-expert-issues-bizarre-warning-sex-robots-easily-hacked-made-kill-owners/ Popular Minnesota state park hit with malicious malware, warns visitors to check their credit cards The popular Tettegouche State Park on the North Shore of Lake Superior in Minnesota said its computer systems have been infected with malware, authorities confirmed on Friday (8 September). The malware was discovered on 25 August after security specialists noticed a spike in "unusual activity" around 4pm. The state park said experts initiated actions to isolate the site, protect sensitive data, and replace any infected equipment. Local authorities said they are conducting a full forensic analysis into the incident. http://www.itsecurityguru.org/2017/09/11/popular-minnesota-state-park-hit-malicious-malware-warns-visitors-check-credit-cards/ New malware in India which steals money through mobile phones: Report A new malware Xafecopy Trojan has been detected in India which steals money through victims' mobile phones, cyber security firm Kaspersky said in a report. Around 40 per cent of target of the malware has been detected in India. "Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims' mobile accounts without their knowledge," the report said. Xafecopy Trojan is disguised as useful apps like BatteryMaster, and operates normally. The trojan secretly loads malicious code onto the device. http://www.itsecurityguru.org/2017/09/11/new-malware-india-steals-money-mobile-phones-report/ Insurers increasingly concerned about silent cyber exposure Around half of industry practitioners see the risk of silent cyber exposure – potential cyber-related losses due to silent coverage from insurance policies not specifically designed to cover cyber risk – as growing over the coming year, according to Willis Re. In the Willis Re survey, respondents were asked to assess the extent to which, over the next 12 months, the cyber aspect of exposure would increase the likelihood of a covered loss. Around half of respondents felt that the risk of a silent cyber loss from property or other liability was greater than 1 in100 while close to a quarter considered the risk to be greater than 1 in10, illustrating the degree of uncertainty surrounding potential exposure. http://www.itsecurityguru.org/2017/09/11/insurers-increasingly-concerned-silent-cyber-exposure/ Hackers can remotely access and manipulate wireless syringe infusion pumps Internet connected medical devices have increasingly become commonplace. However, such devices could potentially be hacked by cybercriminals. New vulnerabilities uncovered by a security expert show that wireless syringe infusion pumps could be remotely accessed by hackers, who could also exploit the bugs to manipulate the operations of the device. The US Industrial Control Systems (ICS) CERT has issued out an alert, which details that Medfusion 4000 wireless syringe infusion pumps, manufactured by Smiths Medical was found riddled with not one or two, but eight vulnerabilities. The flaws, which were uncovered by independent security researcher Scott Gayou, could potentially be exploited by hackers. http://www.itsecurityguru.org/2017/09/11/hackers-can-remotely-access-manipulate-wireless-syringe-infusion-pumps/

updates

All The Top IT Security News. View this email in your browser Tuesday 12th September 2017 We collect the news so that you don't have to! FA to beef up cybersecurity if England qualify for Russia World Cup The FA will strengthen its cybersecurity before the 2018 World Cup amid fears about Russian hackers Fancy Bears and concern that tactical and team selection information could be leaked before games. England are top of Group F and on course to qualify automatically for the tournament which begins on 14 June. The FA is still assessing training bases but wherever the squad stay all computer equipment belonging to players and support staff will sophisticated anti-hacking software installed. http://www.itsecurityguru.org/2017/09/12/fa-beef-cybersecurity-england-qualify-russia-world-cup/ 10 D-Link zero-day flaws that may give hackers backdoor access and more have been publicly released Zero-day vulnerabilities are generally scary enough that when one is made public, vendors begin scrambling to issue a fix. By nature, zero-day flaws are vulnerabilities that the affected vendor has no knowledge about and thus no patches exist. Alarmingly, not one or two but 10 zero-day flawshave recently been uncovered affecting D-Link routers, which could potentially leave users at risk of cyberattacks. Pierre Kim, a security researcher, chose to publicly expose the vulnerabilities related to D-Link 850L routers, citing "difficulties" working with the vendor on a coordinated disclosure. According to the researcher, the zero-day flaws, if exploited by hackers, could potentially lead to attackers gaining root access to devices and getting backdoor access. They could also remotely hijack and control routers as well as leave users vulnerable to XSS and command injection attacks and more. http://www.itsecurityguru.org/2017/09/12/10-d-link-zero-day-flaws-may-give-hackers-backdoor-access-publicly-released/  Paradise Ransomware Uses RSA Encryption to Encrypt Your Files Today, a victim of a new ransomware called Paradise posted in the BleepingComputer.com forums and uploaded a sample so we could take a look at it. While this ransomware is not revolutionary by any means, since it is in active distribution and a Ransomware as a Service (RaaS), I thought I would provide a brief analysis of how this ransomware works. Unfortunately, the Paradise Ransomware is not decryptable without paying the ransom and affected users should attempt to recover files via alternate methods. http://www.itsecurityguru.org/2017/09/12/paradise-ransomware-uses-rsa-encryption-encrypt-files/ India's "robust" biometric database let millions get fake IDs Criminals managed to circumvent the "robust" security of India's biometric database to issue over 8 million fake identity cards — which Indian citizens use for everything from opening bank accounts to getting married. Police in the northern Indian state of Uttar Pradesh Sunday arrested 10 men as part of a crackdown on a sophisticated fraud scam which involved cloning fingerprints and cracking the security features of the Aadhaar enrollment system — which was described in August as "robust and uncompromised" by the authority charged with protecting it. http://www.itsecurityguru.org/2017/09/12/indias-robust-biometric-database-let-millions-get-fake-ids/  Another reason to hate Excel: its Macros can help pivot attacks A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won't like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3) writes that he's found loose default launch and access permissions, meaning a macro-based attack doesn't need to interact with the victim. The nutshell version is this: Excel.Application is exposed via DCOM; it has no explicit launch or access permissions set; since the attacker would have to find some other means for the initial compromise, Microsoft Office Macro security won't stop the pivot; and Excel.Application can be launched (and interacted with) remotely. http://www.itsecurityguru.org/2017/09/12/another-reason-hate-excel-macros-can-help-pivot-attacks/

news

Snap! Equifax experiences major breach, Amazon to hunt for new headquarters A daily dose of today's top tech news, in brief. You need to hear this. Atlassian unveils Stride, the successor to chat app HipChat Atlassian, the parent company of popular apps like Jira, Trello, and Bitbucket announced today a successor to its chat app HipChat, which is called Stride. HipChat is one of the most popular chat services in tech, used by industry giants including Tesla and Expedia. Facing competition from major offerings like Slack and Microsoft Teams, Atlassian rebuilt its chat app from the ground up, hoping to secure its foothold as the segment gets more crowded. The app sports an entirely redesigned interface, with a fresh look and less division between text chat, phone meetings, and videoconferencing. "Right within Stride, any member can start a videoconference meeting for the members of a channel," Business Insider writes. "For the duration of that meeting, anybody who comes into the channel will be able to see that there's a call going on and be able to join." Although HipChat and its competitors support video calls, the goal of Atlassian's newest offering is to make implementation of the feature more natural and less intrusive. Users are also able to take public notes within the app while on a call, allowing collaborative tasking and note-taking. The announcement comes less than a week before Slack holds its first-ever user conference in San Francisco, likely intending to reduce hype and redirect focus to its new app. Equifax experiences data breach, 209,000 credit cards may have been stolen Equifax Credit Bureau, which supplies credit reports and other services, said today a cybersecurity breach may have leaked information on 143 million consumers. The leaked data includes 209,000 credit cards, and the birth dates, social security numbers, addresses, and possibly drivers licenses of millions. Personal identifying information of roughly 182,000 consumers was also breached. The company's CEO Richard Smith apologized to consumers and customers, saying that the breach "strikes at the heart of who we are and what we do." "Equifax said it is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities," CNBC writes. "Its private investigation into the breach is complete." Adobe and Microsoft announce expanded partnership Representatives from Adobe and Microsoft have announced today it will expand its partnership with more integrations between the two companies' platforms. Microsoft now considers Adobe Sign its "preferred" e-signature service across Office 365 and Dynamic 365, and Microsoft Teams is now the "preferred" collaboration service for Adobe Creative Cloud, Document Cloud, and Experience Cloud. Adobe has also selected Microsoft's Azure as its "preferred" hosting platform for Adobe Sign. While these services may be "preferred," the agreement is not actually exclusive, and when Adobe announced Azure was its "preferred" cloud provider last year, it continued hosting some of its services on Amazon's AWS, and continues to do so. "In the fall of 2016, the pair said that Adobe Creative Cloud, Marketing Cloud, and Document Cloud would all be available on Azure, and Azure would be the "preferred cloud platform" for these services," ZDNet writes. "The two companies also announced that Adobe's Marketing Cloud would be Microsoft's Marketing module for the Enterprise version of Dynamics 365, its combined CRM/ERP suite." The two companies also say they are planning to work in tandem on machine learning and intelligent document automation, which they say will be implemented into most facets of both platforms. But there's more going on in the world than that. Amazon is looking for the location of its next headquarters Amazon has asked for bids from local and state governments, and hopes to receive proposals from prospective locations in which it could build its new headquarters. The company intends the second location to be equal in size and importance to its massive Seattle tower, saying that it expects to invest more than $5 billion in the location and employ as many as 50,000 employees. Mayors from cities including Memphis, Chicago, Philadelphia, Hartford, Tulsa, St. Louis, and Providence have expressed interest, with many more likely to follow suit. Several cities in Texas are also likely to be considered, as will as major Canadian cities like Vancouver. "We expect HQ2 to be a full equal to our Seattle headquarters," Amazon CEO Jeff Bezos said in a statement. "Amazon HQ2 will bring billions of dollars in up-front and ongoing investments, and tens of thousands of high-paying jobs." Amazon says the average compensation at the new location could top $100,000, and development is likely to begin in 2019. And you can't not know this. Delta passengers get a bumpy ride as their plane flies right through Hurricane Irma Delta flight DJ302 took off from San Juan, Puerto Rico Wednesday afternoon before flying right through one of the most powerful Atlantic hurricanes in history. Shocking, terrifying, and extremely dangerous, right? According to WIRED and the commercial airline pilots they spoke to, flying through most storms is just another day at the office. "It's not that much different from flying through the Midwest in the summertime with thunderstorms," Douglas M. Moss, a commercial pilot and aviation consultant told WIRED. "It's the same techniques, the same tools, the same procedures you use for avoiding thunderstorms." According to experts, it would have been more dangerous and costly to leave the plane on the ground or in the hangar. Officials on the ground elected not to turn the plane away as it was approaching San Juan to land, and after much deliberation, decided to race the storm and get the plane back to safer conditions. Once in the air, highly trained pilots don't find hurricanes to be a significant challenge to fly in. "The flight might have been bumpy for about 15 minutes, a bit rainy and a bit dark," WIRED writes. "For the seasoned traveler, conditions like that are probably NBD."

MANAGE SUBSCRIPTIONS UNSUBSCRIBE COMMUNITY PRIVACY POLICY

Security News

All The Top IT Security News. View this email in your browser Monday 4th September 2017 We collect the news so that you don't have to! Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. http://www.itsecurityguru.org/2017/09/04/vulnerabilities-discovered-mobile-bootloaders-major-vendors/ Banking Trojan Now Targets Coinbase Users, Not Just Banking Portals The TrickBot banking trojan is a new malware strain that appeared in the autumn of 2016 and most experts believe it was developed by some of the developers who worked on the now defunct Dyre banking trojan, some of whose operators were arrested in late 2015 in Russia. http://www.itsecurityguru.org/2017/09/04/banking-trojan-now-targets-coinbase-users-not-just-banking-portals/ Police Seize Domain of Online Store That Stole User's Card Data According to a statement from the Edmonton Police Service (EPS), its Cyber Crimes Investigation Unit started looking into the website after a user complained of fraudulent purchases appearing in his bank statements in May this year. http://www.itsecurityguru.org/2017/09/04/police-seize-domain-online-store-stole-users-card-data/ £200m fake train ticket scam: We put season pass bought on dark web to the test at Britain's busiest station The Mirror team found fakes for sale on the so-called "dark web" – a shadowy corner of the internet which cannot be searched via mainstream browsers like Google. http://www.itsecurityguru.org/2017/09/04/200m-fake-train-ticket-scam-put-season-pass-bought-dark-web-test-britains-busiest-station/ Microsoft says every enterprise should have a plan for when cybersecurity fails No matter how good it is, enterprise cybersecurity is doomed to fail. Every enterprise should have a business continuity plan in place for when it does. http://www.itsecurityguru.org/2017/09/04/microsoft-says-every-enterprise-plan-cybersecurity-fails/