Security Headlines

The Security News can be sent directly to you.  As a citizen, you can receive security information relating to consumer products and as a technology community member, you can receive additional technical information.



Why It's Still A Bad Idea to Post or Trash Your Airline Boarding Pass
August 24, 2017
Being careless with your boarding pass could jeopardize your privacy or even cause trip disruptions down the road.
Source: Krebs On Security 

Don’t Want Your SMSs Stolen? Don’t Download These Android Apps
July 27, 2017
It’s normal for Android apps to download plugins. It’s not so normal when one of those plugins tries to steal your SMS messages.
Source: Sophos 

Android Malware That Snoops On Your Phone
July 21, 2017
Android users have a new strain of malware that sits in the background of infected devices.
Source: Sophos

Germany Says Cyber Threat Greater Than Expected, More Firms Affected
July 7, 2017
Germany's BSI federal cyber agency said that the threat posed to German firms by recent cyber attacks launched via a Ukrainian auditing software was greater than expected, and some German firms had seen production halted for over a week.
Source: Reuters 

Security News

Russian Hackers Feel the Heat
August 25, 2017
Alexander Vinnik one of seven Russians arrested or indicted on U.S. cyber crime charges this year. On average, just two Russian cyber criminals were extradited to the United States each year between 2010 and the start of 2017.
Source: Reuters

Voter Registration Data from 9 States Available for Sale on Dark Web
July 24, 2017
Over 40 million voter records from nine different states being traded in an underground forum for stolen credit card data and login credentials.
Source: Dark Reading 

Start With Security – and Stick With It
July 28, 2017
When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies.
Source: Federal Trade Commission 

Kansas Department of Commerce Breach
July 20, 2017
A breach of a Kansas Department of Commerce system exposed more than 5 million Social Security numbers.
Source: The Hill 

University of Iowa Data Breach
July 12, 2017
University of Iowa Health Care (UIHC) discovered that protected health information for 5,300 patients was inadvertently saved in unencrypted files that were posted online through an application development site. 
Source: The Gazette 

Russians  Are Suspects in Nuclear Site Hackings
July 7, 2017
Hackers working for a foreign government recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.
Source: Bloomberg

Indiana Health Coverage Program (IHCP) Data Breach
July 5, 2017
Medicaid recipients may have been victims of a data breach when an internet hyperlink made patient information accessible between February and May of this year.
Source: WOWO  


Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004
August 16, 2017
Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities.
Source: Drupal

MIcrosoft Office\Outlook Vulnerability
July 28, 2017
Multiple vulnerabilities have been discovered in Microsoft Office and Outlook.
Source: Microsoft 

Vulnerabilities in Apple Products
July 19, 2017
Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, macOS, iCloud for Windows, and iTunes for Windows and Safari, the most severe of which could allow for arbitrary code execution
Source: Apple 

Cisco WebEx Browser Extension Remote Code Execution Vulnerability
July 17, 2017
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.
Source: Cisco 

Samba Security Update
July 12, 2017
Security update released for all version of Samba from 4.0.0 onwards.

Adobe Flash Update
July 11, 2017
Adobe has released security updates for Adobe Flash Player.
Source: Adobe 

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
July 6, 2017
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Source: Cisco 

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
July 6, 2017
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Source: Cisco 


The Internet of Things (IoT) Promises New Benefits And Risks: A Systematic Analysis of Adoption Dynamics of IoT Products
August 23, 2017
The rush to adopt products on the Internet of Things (IoT) before securing them will make them attractive to cyber criminals and vulnerable to cyber-incidents
Source: Massachusetts Institute of Technology 

Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD
July 27, 2017
The Internet of Things (IoT) is the set of Internet-capable devices, such as wearable fitness devices and smartphones, that interact with the physical environment and typically contain elements for sensing, communicating, processing, and actuating. Even as the IoT creates many benefits, it is important to acknowledge its emerging security implications
Source: Government Accountability Office 

6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices
June 2017
Sensors (e.g., light, gyroscope, accelerometer) and sensing enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any App can get access to other sensors by just accessing the generic sensor API. In this way, attackers can exploit these sensors in numerous ways: they can extract or leak users’ sensitive information, transfer malware, or record or steal sensitive information from other nearby devices
Source: Florida International University

Report On Improving Cybersecurity In The Health Care Industry
June 2017
The Health Care Industry Cybersecurity Task Force has released its report to Congress.
Source: US Department of Health and Human Services 

Information Crime

Iowa Computer Programmer Gets 25 Years for Lottery Scam
August 22, 2017
A former lottery computer programmer who admitted to rigging computers to enable him to pick winning numbers was sentenced to up to 25 years in prison.
Source: ABC News 

Anti-theft Law Results in Huge Drop in Stolen Phones
July 27, 2017
San Francisco’s district attorney says that a California state law mandating "theft-deterring technological solutions" for smartphones has resulted in a precipitous drop in such robberies.
Source: San Francisco District Attorney 

Russian Sentenced In U.S. To Five Years Prison For 'Citadel' Malware
July 19, 2017
A Russian man who U.S. prosecutors say played a role in developing the sophisticated malware known as "Citadel" used to steal personal financial information from thousands of computers worldwide was sentenced to five years in prison.
Source: Reuters 

Russian-Born Cybercriminal Sentenced to Over Nine Years in Prison
July 10, 2017
A nearly decade-long member of several elite Russian-speaking cybercrime forums was sentenced to 110 months in prison for running a sophisticated scheme to steal and traffic sensitive personal and financial information in the online criminal underground.
Source: US Attorney’s Office Eastern District of Virginia 

Hacker Who Aided Russian Intelligence Is Sentenced to 2 Years
July 6, 2017
Moscow City Court sentenced Vladimir Anikeyev, the head of a hacking group that the authorities cracked down on last winter, to two years in a penal colony.
Source: New York Times 

Printed from the Information Security Division website on April 21, 2018 at 4:18am.