A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...

New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction

A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage...

NotPetya

Wired has a long article on NotPetya. EDITED TO ADD 9/12: Another good article on NotPetya...

An Unprecedented Cyberattack Hit the US Power Grid

Exposed Facebook phone numbers, an XKCD breach, and more of the week's top security news...

European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked

The European Central Bank ECB confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank ECB is the...

European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked

The European Central Bank ECB confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank ECB is the...

Software Vulnerabilities in the Boeing 787

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the...

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems RTOS for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networkin...

Hackers Expose Russian FSB Cyberattack Projects

More nation-state activity in cyberspace, this time from Russia: Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include: Nautilus -- a project for...

Turla renews its arsenal with Topinambour

Turla, also known as Venomous Bear, Waterbug, and Uroboros, is a Russian speaking threat actor known since 2014, but with roots that go back to 2004 and earlier. It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle Eas...

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

Britain's Information Commissioner's Office ICO today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach. British Airways, who describes itself as "The World's Favorite...

Second Florida City Pays Hackers $500k Post-Ransomware Attack

UPDATE A city in Florida has paid hackers almost $500,000 after suffering a ransomware attack that locked down its email systems and servers – only the latest municipality to be hit by ransomware and pay the ransom. The Florida municipality, Lake City, has a population of 12,046 and is located in...

Iran Targeting U.S. With Destructive Wipers, Warns DHS

The Department of Homeland Security is warning that Iranian hackers are targeting U.S. agencies with destructive “wiper” malware. The statement comes as tensions continue to build between the U.S. and Iran. Christopher Krebs, the director of the Department of Homeland Security DHS Cybersecurity a...

Podcast: Dating App Privacy and NASA Cyberattack

Beyond the regular drumbeat of security vulnerabilities and patches this week, a slew of stories covered varying topics ranging from NASA to Tinder. The Threatpost team broke down the most interesting stories of the week, including: A ransomware webinar hosted by Threatpost editor Tara Seals, whi...

Feds: Cyberattack on NASA's JPL Threatened Mission-Control Data

NASA’s Jet Propulsion Laboratory JPL may know how to send delicate equipment to Mars, but basic cybersecurity best practices appear to pose an issue for it. A comprehensive federal review has detailed an April 2018 security incident that compromised mission systems – stemming from multiple IT...

Google Calendar Attacks Target Unwitting Mobile Users

UPDATE A sophisticated cyberattack is targeting Gmail users through fraudulent, unsolicited Google Calendar notifications. The campaign takes advantage of a common default feature for people using Gmail on their smartphone: Calendar invites automatically pop up on phones, prompting users to accep...

Ransomware isn’t just a big city problem

This month, one ransomware story has been making a lot of waves: the attack on Baltimore city networks. This attack has been receiving more press than normal, which could be due to the actions taken or not taken by the city government, as well as rumors about the ransomware infection mechanism...

This Week in Security News: Skimming Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how credit card skimming attacks can impact businesses and how ransomware can use software installations to help hide malicious...

Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

Hacking tools allegedly developed by the National Security Agency NSA were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with t...

First Physical Retaliation for a Cyberattack

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a buildi...