Shadow Brokers say U.S. agency spied on Middle East banks

Hacker group Shadow Brokers released data that appears to show that the NSA penetrated deep into the finance infrastructure of the Middle East. The published documents, if legitimate, show how U.S. intelligence compromised elements of the global banking system by hacking into Dubai’s EastNets, which oversees payments in the global SWIFT transaction system for dozens of client banks in the Middle East. The leak includes detailed lists of hacked or potentially targeted computers, including those belonging to firms in Qatar, Dubai, Abu Dhabi, Syria, Yemen and the Palestinian territories. Also included in the data dump are fresh hacking tools, this time targeting a slew of Windows versions. SWIFT has been increasingly targeted by hackers seeking to redirect millions of dollars from banks around the world, with recent efforts in India, Ecuador and Bangladesh. Security researchers pointed to clues that an $81 million Bangladesh bank theft via SWIFT may have been the work of the North Korean government. But the Shadow Brokers’ latest leak offers new evidence that the NSA also has compromised SWIFT, most likely for silent espionage. Source: Wired

U.S. health care site wasn’t secure at launch, report says, used to enter sensitive medical and personal information while signing up for Obamacare, was severely unsecure upon launch in October 2013. Documents obtained by Judicial Watch through a Freedom of Information Act lawsuit show Health and Human Services officials repeatedly were warned by security contractor Mitre that the site was not properly protected. Source:

Hundreds of YouTube channels breached

Hacker group OurMine pulled off what they claim is the “largest hack in YouTube history” breaching security on hundreds of channels, including vloggers Lilly Singh, RomanAtwoodVlogs and JustKiddingNews. The group changed the titles and descriptions of their videos to: “Hey, it’s OurMine, don’t worry we are just testing your security, please contact us for more information.” The accounts affected were all associated with German media network Studio71, which hosts more than 1,200 channels. Source: The Sun

Machines might learn to keep private data safe

U.K.-based Darktrace uses machine-learning capabilities—advanced algorithms that can adapt and learn—and probabilistic mathematics to learn the normal “pattern of life” for every user and device in a network to detect anomalies. Their technology is modeled after how a human immune system identifies and responds to foreign threats without compromising the human body’s key functions. Source: CNBC

Job security comes with cybersecurity degree

Colleges and universities are scrambling to add courses to prepare students to fill the huge number of cybersecurity jobs that have arisen due to exponential growth in hacking worldwide. Analysts say the number of job vacancies ranges from 100,000 to 350,000. Ashton Mozano, a cybersecurity professor at the University of San Diego, says there are thousands of $80,000 entry-level jobs available to applicants with at least an undergraduate degree in computer science or computer engineering. Source: San Diego Tribune

United Kingdom companies need to get their firewalls up

A fifth of British businesses have been hacked by cyber criminals in the past 12 months. A survey by the British Chambers of Commerce found 42 percent of big businesses had fallen victim to cyber crime, compared with 18 percent of small companies. Only a quarter of those questioned said their business had security measures in place to guard against hacking. While firms of all sizes fall prey to attacks, large companies are more likely to experience them. Source: Sky News

Hackers check in to IHG hotels yet again

InterContinental Hotels Group said that payment card systems at more than 1,000 of its hotels had been breached. It’s the second breach that IHG, a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its chains, has disclosed this year. The company said a second breach occurred at select hotels from Sept. 29 through Dec. 29 last year. IHG said the variant on their system siphoned track data—customers’ card number, expiration date and internal verification code—from the magnetic strip of cards as they were routed through affected hotel servers. Source: ThreatPost

Shoney’s serves up report of restaurant breaches

Shoney’s has been hit with a credit card breach involving 37 restaurants since December, the company acknowledged. Best American Hospitality said the breach started in December and was contained in March. The 37 affected locations are across the South, many in Tennessee, with a few in South Carolina, Louisiana, Georgia, Alabama, Mississippi, Virginia, Missouri, Florida and Arkansas. Source: Nation’s Restaurant News

We’re bored; let’s poke around in patient records

Virginia Mason Memorial Hospital in Yakima, Wash., sent letters to 419 emergency-room patients, alerting them of a privacy violation. Employees at the hospital improperly accessed patients’ records. The hospital believes this to be a case of snooping by bored employees. There was no evidence that any particular patient’s records were targeted. Source: The Seattle Times

Your LinkedIn account might get connected in a different way

LinkedIn’s new version of its Terms of Service go into effect on June 7, with a new privacy policy that covers upcoming LinkedIn features that aim to give profiles more visibility, and to make it easier to achieve the social “links” implied in the professional network’s name. The policy will open profile visibility to “certain third-party services.” LinkedIn does make it easy to opt out. Source: Tech Crunch

If feds won’t protect privacy, the states will

More than a dozen states are moving to fill the void left by the federal government’s departure from broadband privacy regulation through a spate of proposed laws that would require consumer consent to share online data with third parties. The legislative proposals are a reaction to President Trump’s repeal of a Federal Communications Commission regulation that would have expanded online privacy rules to broadband providers, such as AT&T and Verizon. The regulation would have required telecommunications companies to notify customers if they intended to sell their information to a third party. Source: Bloomberg BNA

Retailer says breach was a bit bigger than first thought

Neiman Marcus disclosed to the California attorney general that a December 2015 breach compromised more sensitive information than first thought. It also disclosed new attacks from earlier this year that exposed names, contact information, email addresses and purchase histories. Neiman Marcus Group says full payment card numbers and expiration dates were exposed in the 2015 incident. Source: Bank Info Security


The post Shadow Brokers say U.S. agency spied on Middle East banks appeared first on Third Certainty.

By Byron Acohido