Top 10 Stories

If you're so much an Apple fan that you run Apple Music on Android devices, there's an upgrade to patch against a man-in-the-middle vulnerability. Eight months ago, Canadian security researcher David Coomber discovered that Apple Music for Android 1.2.1 and older doesn't validate the SSL certificates presented when logging into the mobile application and payment servers. As he writes at Bugtraq, that would allow an attacker to silently collect sensitive user information. View full story...

Last week, Congress voted to gut proposed internet privacy rules set out by the outgoing Obama administration that would have prevented your internet provider from selling your browser history to advertisers. President Donald Trump signed the bill a day after, making it law. Many turned to what appeared to be an obvious solution: A virtual private network (VPN). View full story ORIGINAL SOURCE: ZDNet

Evidence of Chinese cyber-espionage against the US has been uncovered on the eve of an important Sino-US presidential summit. The "Scanbox" malware – used by nation-state threat actors associated with or sponsored by the Chinese government – has been discovered embedded on webpages on the US National Foreign Trade Council (NFTC) site, Fidelis Cybersecurity reports. View full story ORIGINAL SOURCE: The Register

The Joint Committee of Public Accounts and Audit (JCPAA) has launched an inquiry into the cybersecurity compliance of Australian government departments as part of its examination of Auditor-General reports. Committee Chair, Senator Dean Smith, said that, as Parliament's joint public administration committee, the JCPAA has an important role in holding Commonwealth agencies to account. View full story ORIGINAL SOURCE: ZDNet

A new malware strain called BrickerBot is bricking Internet of Things (IoT) devices around the world by corrupting their storage capability and reconfiguring kernel parameters. Detected via honeypot servers maintained by cyber-security firm Radware, the first attacks started on March 20 and continued ever since, targeting only Linux BusyBox-based IoT devices. Right from the get-go, two different versions of BrickerBot were detected: BrickerBot.1 and BrickerBot.2. View full story ORIGINAL SOURCE: Bleeping Computer

Security researchers have uncovered a new ecosystem for a malicious backdoor trojan that uses torrents as a delivery medium to target weak WordPress accounts. The trojan, dubbed Sathurbot, has been active since at least June 2016 and has infected over 20,000 computers so far. According to ESET researchers, Sathurbot comes disguised as a torrent with an apparent installer executable and a small text file. The backdoor trojan preys on users looking to download a free...

Cyber security has been creeping on to agendas of corporate boards across the world, as more directors fear their companies could be the next big victim of a hack attack. The dangers include losing customer data or hard-won intellectual property, and general disruption to the business. However, they face a struggle not only against cyber criminals, but also with workforce complacency. View full story ORIGINAL SOURCE: Financial Times

According to a Venafi survey conducted at RSA Conference 2017, 23 percent of respondents have no idea how much of their encrypted traffic is decrypted and inspected.“Encryption offers the perfect cover for cyber criminals,” said Kevin Bocek, chief security strategist for Venafi. “It’s alarming that almost one out of four security professionals doesn’t know if his or her organization is looking for threats hiding in encrypted traffic. It’s clear that most IT and security professionals don’t...

Google takes web security seriously. When the Google Chrome web browser encounters a payment site without Secure Socket Layer (SSL)/Transport Layer Security (TLS) encryption, it marks as insecure. Soon, Chrome will mark any HTTP site as insecure. That's great, but just because a site is tagged 'secure' doesn't mean it's safe. WordFence, a well-regarded WordPress security company, has found that SSL certificates are being issued by certificate authorities (CA) to phishing sites pretending to be other sites. Because the certificates are...

North Korean hackers have reportedly accessed secretive war-plans drawn up by South Korea and the United States, detailing how the allied military forces would respond to the outbreak of war in the region – including first strike targets and troop deployments.The plans, dubbed OPlan 5027, reportedly leaked in a significant mid-2016 intrusion at the "cyber nerve centre" of South Korea's defence system, the Defense Integrated Data Centre. Previously, defence officials played down the incident but...