Press Room – Information Security and Data Privacy – w3#0816

1. New vulnerabilities affect over 900 million Android devices, enable complete control of devices

QuadRooter is a set of four vulnerabilities affecting Android devices that are built on the Qualcomm chipset, a supplier of 80% of the chipsets in the Android ecosystem. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations and gain root access to a device, enabling them to change or remove system-level files, delete or add apps, and access the device’s screen, camera or microphone.

Affected devices include:

  • Samsung Galaxy S7 & S7 Edge
  • Sony Xperia Z Ultra
  • Google Nexus 5X, 6 & 6P
  • HTC One M9 & HTC 10
  • LG G4, G5 & V10
  • Motorola Moto X
  • OnePlus One, 2 & 3
  • BlackBerry Priv
  • Blackphone 1 & 2

2. ENISA – The cost of incidents affecting CIIs (Critical Information Infrastructure)

The aim of the study is to assess the economic impact of incidents that affect CIIs in EU, based on existing work done by different parties, and set the proper ground for the future work of ENISA in this area.

– Finance, ICT and Energy sectors, appear to have the highest incident costs.
– Financial services and energy related sectors suffered the strongest economic impact due to cybercrime
– The most common attack types for Financial sector and ICTs appear to be DoS/DDoS and malicious insiders, with the latter affecting the Public Administration sector as well. It is very important to highlight that these two types on their own, collectively constitute approximately half the annualized cost of all cybercrime

3. WhatsApp and Skype targeted in Commission’s revamp of telecoms laws

Internet companies like WhatsApp and Skype are worried they’ll have to comply with new EU telecoms laws for the first time when the European Commission proposes a legislative overhaul this September.

The EU executive is about to introduce a set of new telecoms laws, some of which will apply to online messaging services that have increasingly become competitors to traditional phone calls and SMS messaging.

Squeezing online messaging and call services into telecoms law would give national regulators more muscle to police how they operate.

But internet companies say extending telecoms rules would upend how they do business. Many firms have one European headquarters, but can be brought before court in any EU country where they face legal complaints. Facebook and Google are both based in Ireland but have been challenged for privacy violations in several EU countries.

4. Data Breach At Oracle’s MICROS Point-of-Sale Division

A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.

5. Inside Look at SWIFT-Related Bank Attacks

Attacks waged against payments run through the SWIFT interbank messaging system – including the $81 million heist from the Bank of Bangladesh – have raised many questions about back-end security practices, fraudulent transaction liability and authentication. What is less discussed, however, is who is behind the attacks, and whether they could be linked to other cyberattacks against international banking systems beyond SWIFT.

Colin McKinty, vice president of cybersecurity strategy for the Americas at security firm BAE Systems, which was hired by SWIFT to help shore up security, says BAE now believes that the malware used in the SWIFT attacks is not unique. In this interview with Information Security Media Group, McKinty says the malicious code used against Bangladesh Bank shares many similarities to code used in the 2014 attack against Sony Pictures, which the U.S. government attributes to North Korea, as well as code used in an attack waged in December 2015 against an unnamed commercial bank in Vietnam.

“We came across a very interesting piece of malware and one of our researchers, during their analysis, recognized that this malware is likely to have been used in the attack against the Bangladesh Bank,” McKinty says. “That’s where we got engaged with SWIFT. We were able to provide them some insight, with regard to what had happened at the Bangladesh Bank.”

Be the first to comment

Leave a Reply

Your email address will not be published.