Cybersecurity Rundown – September 2018

KRSP - Cybersecurity Rundown

State Of Security (SOS) Rundown is a collection of Cybersecurity stories captured from around the web.

Dark Reading | Websites Attack Attempts Rose in Q2 New data shows hackers hit websites, on average, every 25 minutes.

Securelist | New trends in the world of IoT threats Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017.

Krebs on Security | GovPayNow.com Leaks 14M+ Records Government Payment Service Inc.— a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations

GAO | Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach Hackers stole the personal data of nearly 150 million people from Equifax databases in 2017.

The Hacker News | Powerful Android and iOS Spyware Found Deployed in 45 Countries One of the world’s most dangerous Android and iPhone spyware program has been found deployed against targets across 45 countries

Share this post

Surveillance cameras on wall

Russia Accuses US of Widespread Apple iPhone Hacking

Russia’s Federal Security Service (FSB) claims to have discovered an elaborate American espionage operation that compromised thousands of iPhones using sophisticated surveillance software. Moscow-based Kaspersky Lab confirmed that several of its employees’ devices were compromised during the operation.

Abstract powerlines

Mandiant Unearths New Malware That Can Sabotage Power Grids

A new strain of malware, dubbed COSMICENERGY, has been discovered that is designed to penetrate and disrupt critical systems in industrial environments. The malware is capable of exploiting an industrial communication protocol called IEC-104 to issue commands to RTUs, which could potentially cause power disruption. There is no evidence that the malware has been used in attacks, but its discovery is a reminder of the threat posed by malicious software to critical infrastructure.