By Ryan Kamauff
- SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones – “After three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.” Nohl is about to present his findings at Black Hat, but this flaw could truly effect millions of devices. In many nations, SIM-based payments are the norm, opening up even more vulnerabilities. Via Forbes, more here.
Cisco to buy Sourcefire, more network security deals seen – Cisco is planning to purchase the cybersecurity firm for upwards of $2.7B. It will be paying a premium of over 28% of Sourcefire’s stock price. This purchase is intended to help bolster Cisco’s security offerings. Via Yahoo!, more here.
- Medical Device Hackers Find Government Ally to Pressure Industry – “Two years ago, Jay Radcliffe discovered a software bug in his insulin pump that could allow hackers to take remote control of the device. The diabetic and computer security researcher went public with his findings at a hacker conference after the manufacturer, Medtronic Inc., didn’t respond to him.” The lack of effort to protect medical devices and users’ data, will eventually come back to haunt the manufacturers and lawmakers who aren’t protecting citizens. Radcliffe’s probing of the pumps is beneficial, despite the backlash from manufacturers. Via Bloomberg, more here.
- Fixmo SafeZone v5.0 – Fixmo has released the fifth version of their “SafeZone” product which creates a mobile “secure sandbox, completely isolating corporate data from the end-user device.” In addition. the data is encrypted at the 256-bit AES level, as well as being FIPS 140-2 compliant. This means the software will meet stringent US government demands. Via SC Magazine, more here.
- Security Spending to Hit $46 Billion – Recent research has pointed to global spending on critical infrastructure cybersecurity to reach $46B this year. Critical Infrastructure protection is becoming a priority among the nations of the globe. Critical infrastructure is one of the areas in need of cyber protection that impacts citizens the most. Via ISS Source, more here.
- Passwords of 1.8M Ubuntu Forums users compromised in hack – “Canonical – the UK company that develops the distro – has confirmed that the username, password, and email address of all the registered forum users have been compromised.” The passwords were stored as salted hashes and not plain text, but Canonical suggests users change any passwords that were similar to those used on Ubuntuforums.org. Via Net Security, more here.
- Cyber drills like Quantum Dawn 2 vital to security in financial sector – “The drill, coordinated by the Securities Industry and Financial Markets Association (SIFMA), involved more than 500 individuals from about 50 organizations, including financial services firms, exchanges, the U.S. Department of the Treasury, the Department of Homeland Security and the FBI.” Not only do drills help teach response, but they identify weaknesses, build espirit de corps and strengthen relationships between cyber practitioners. While the results won’t be known for a few weeks, these drills are truly critical to building cyber preparedness. Via ComputerWorld, more here.
- Apple developer site shuttered four days after attack – ‘Apple said in a notice released late on Sunday that names, mailing addresses and emails may have been accessed by unknown attackers. It added that “sensitive personal information” was encrypted and could not be accessed.’ A Turkish security researcher claimed the attack was simply an attempt to point out a security bug. Via Yahoo! and Reuters, more here.
- Backdoors Embedded into Image Files – “Attackers are using a known, but uncommon method of maintaining access to an already compromised server by hiding backdoors inside the headers of legitimate image files, researchers said.” Dozens of websites have been compromised, most running outdated versions of WordPress or Joomla. Once again a lack of patch management has opened up servers to additional vulnerabilities. Via ISS Source, more here.
- Malware market peddles tools to exploit Android infections – “The first tools to inject legitimate Android apps with open-source software that allows an attacker to control an infected smartphone remotely have been found in the criminal underground.” This tool packages in access to a program known as AndroRAT (RAT for remote access tool). This allows malicious actors to use expensive apps as bait. Via ComputerWorld, more here.
- FedScoop has a great interview with Michael Daniel, special assistant to the president and the cybersecurity coordinator, White House.