News briefs: June 2016
»U.S. Cyber Command is taking the information security fight to ISIS, hacking into the computers of individual fighters and interrupting the terror group's encrypted communications. American forces are implanting viruses and malware into computers used by specific ISIS members to pull out intelligence data on the organization's hierarchy leading to several being targeted and killed.
»DōTERRA International reported to customers and wholesale members of a breach that compromised names, Social Security numbers, dates of birth, addresses, telephone numbers, email addresses, usernames, passwords and credit or debit card information – including card numbers, security codes and expiration dates. The breach took place through a third-party vendor.
»In early November 2015, the Swedish Civil Aviation Administration announced that a solar storm had knocked out the country's air traffic control systems, causing the agency to cancel domestic and international flights, but a new report disputes this, saying a cyberattack launched by a Russian APT group may have jammed Sweden's air traffic control capabilities.
»A new banking trojan named GozNym stole an estimated $4 million from two dozen U.S. and Canadian banks in early April. Later in the month, the hybrid malware was seen by IBM's X-Force Research team being used in attacks against Europe, including 17 Polish banks, a Portuguese financial institution and corporate targets.
»Aspiring hacktivists can now access a chat service hosted by Anonymous to learn coding and encryption. OnionIRC, aims to build a strong community for those concerned about privacy and security and aims to “arm the current and coming generations of internet activists with education,” the group said in a video.
»A poor security practice in the payment authentication process in the Android mobile application for Domino's Pizza allowed a U.K. security consultant to order a pizza free of charge. Researcher Paul Price found the app was processing payments client-side via a payment gateway that could be spoofed – allowing for free food to be delivered.
»A new spam campaign tries to fool Facebook users into downloading malware by luring them to a fake YouTube page supposedly featuring a friend's video. According to a scam alert from research firm ESET, victims receive either a false notification that they were tagged in a friend's timeline post, or a message purportedly sent by a friend via Messenger.
»A trio of security researchers has demonstrated how Google's reCAPTCHA technology can be broken. According to a Columbia University research paper, the researchers managed to identify flaws in the technology that would enable hackers to influence the risk analysis, bypass restrictions and deploy large-scale attacks.
»A survey of IT and security professionals found that 16 percent of organizations do not use any cybersecurity framework. The report by Dimensional Research and Tenable Network Security, surveyed IT and security pros in the U.S.
»Mattel fell victim in April 2015 to a popular phishing campaign known as the fake CEO or fake president scam, but was able to recover its money. Within a month of Christopher Sinclair taking the helm as CEO, an unnamed financial executive at the company received an email supposedly from Sinclair requesting a vendor payment to China. The exec transferred $3 million to the Bank of Wenzhou. But, a few hours later when the payment was mentioned to Sinclair, he said he hadn't requested it.