Leaked: K Box Singapore database with more than 317,000 names – Channel NewsAsia

In the latest of a recent string of publicized security breaches, personal details (such as names, contact numbers and dates of birth) of more than 317,000 K Box members were leaked to several media outlets. A group calling itself The Knowns has claimed responsibility for the leak, saying that it was in response to the recent increase in toll at Woodlands.

This attack highlights the growing importance of cybersecurity and the fact that companies need to start investing more heavily in this area. Mr Boland, Vice President and Chief Technology Officer of FireEye’s Asia Pacific operations, agrees, saying that most organizations simply have not taken the necessary steps to protect themselves, but definitely should as long as they are collecting personal data from their customers.

The Personal Data Protection Commission is currently investigating the matter. An organization that fails to make reasonable security arrangements to protect personal data in its possession may be fined up to S$1 million.

Source: www.channelnewsasia.com


How were the celeb nude photos leaked, and can we prevent it from happening again?

As you may have heard, a large number of private, mostly nude, celebrity photos were leaked onto the internet on August 31. Despite an impressive number of stories dedicated to unproven theories about various potential attack vectors, there is still no clear evidence of how the private photos were obtained. Let’s discuss how the celebrity nudes might’ve been obtained — and, more importantly, how to prevent such a debacle from happening again in the future.

Source: www.extremetech.com


Hackers ‘breach networks of US banks’

NEW YORK — A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, said four people briefed on a continuing investigation into the crimes.
The hackers infiltrated networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what experts said were sophisticated cyberattacks.
The attacks’ origin and motivation, whether financial or part of an espionage effort, are not yet clear, said investigators. The Federal Bureau of Investigation (FBI) is involved in the probe and, in the past few weeks, a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.
Hackers infiltrated the networks of some banks and stole checking and savings account information from clients, said two other people briefed on the matter.
JPMorgan Chase has not seen any increased fraud levels, a person familiar with the situation said. “Companies of our size unfortunately experience cyberattacks nearly every day,” said JPMorgan spokeswoman Patricia Wexler. “We have multiple layers of defence to counteract any threats and constantly monitor fraud levels.”
Mr Joshua Campbell, an FBI spokesman, said the agency was working with the Secret Service to assess the full scope of attacks. “Combating cyberthreats and criminals remains a top priority for the US government,” he added.
The intrusions were first reported by Bloomberg, which indicated that they had been the work of Russian hackers. However, security experts and government officials said they had not yet made that conclusion.
Earlier this year, iSight Partners, a security firm in Dallas that provides intelligence on online threats, warned companies they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions.
However, Mr Adam Meyers, the head of threat intelligence at CrowdStrike, a security firm that works with banks, said it would be premature to suggest the attacks had been motivated by sanctions.
Russian hackers began a month-long online assault on Estonia in 2007 that nearly crippled the Baltic nation, after Estonian government workers moved a Soviet-era war memorial from the Estonian capital.
Still, security experts have said the stealthy nature of the recent attacks suggests their motivation was not political. The US banking sector has been a frequent target for hackers in recent years, with the vast majority of attacks motivated by financial theft.
But not all of them. Over the past two years, banks have been hit in a series of politically motivated attacks from Iran, in which a group of Iranian hackers flooded US banking sites with so much online traffic — a method called a distributed denial of service (DDoS) attack — that the websites slowed or intermittently collapsed.
Hackers who took credit for those attacks said they had gone after the banks in retaliation for an anti-Islam video that mocked the Prophet Muhammad and pledged to continue the attacks until the video was removed from the Internet.
American intelligence officials said the group was actually a cover for the Iranian government. Officials said Iran was waging the attacks in retaliation for Western economic sanctions and attacks on its own systems.
Unlike the attacks traced to Iran, the recent hacks against American banks were not intended to disrupt the lenders’ services, but appeared to be part of a financial or intelligence-gathering effort, said three people briefed on the investigations.
Mr Meyers said hackers could have been after account information or intelligence about a potential merger or acquisition. Security experts said they had chosen to pursue account information, not disruption, which is the earmark of state-sponsored attacks.
As JPMorgan Chase has not seen any unusual incidences of fraud, however, it is too early to conclude the attacks were solely financially motivated.
So, why were the banks targeted? Security experts said they could not yet determine if the attacks over the past few weeks were the work of Russians or were politically motivated.
Indeed, Mr Meyers said, any such conclusions at this point would be the result of what was an effort by security firms to be the first to present conclusive evidence.
Banks are often targets for intelligence agencies looking to collect data. In 2012, Russian security researchers uncovered a virus on 2,500 computers, many of them in major Lebanese banks such as the Bank of Beirut. The virus was specifically intended to steal customers’ login credentials for their bank accounts.
The researchers believed the computer virus was state-sponsored and said they had found evidence that it had been created by the same programmers who created Flame and Stuxnet — two viruses that officials have said were unleashed by the US and Israel to spy on computers in Iran.
THE NEW YORK TIMES

Source: www.todayonline.com
