Notice: Due to vacations in the Information Security Office, this will be the last update to this blog until July 14th.
This article is reporting that a Russian group of hackers is targeting energy companies in the U.S. and Europe and could be capable of disrupting power according to researchers. From the article:
The hackers, also called “Dragonfly,” appear to have the resources, size and organization that suggest government involvement, security company Symantec Corp. (SYMC) said in a blog post yesterday. The attackers are targeting grid operators, petroleum pipeline operators, electricity generation firms and other “strategically important” energy companies, it said.
Those group’s activities highlight the increasing reach of cyberattacks as ever-larger parts of the economy become connected and controlled via the Web. They may also be symptomatic of governments using hacking to support political strategies. More than half of the infections found were in the U.S. and Spain, Symantec said, while Serbia, Greece, Romania, Poland, Turkey, Germany, Italy and France were also targeted.
This article discusses yet another ransomware variant dubbed Cryptowall seen in the wild. For the initiated, ransomware is malware that encrypts the data on your hard drive and forces you to pay a ransom in order to receive the decryption key. The article discusses how Cryptowall is propagated as well as steps to take to prevent such an infection.
According to this post, Apple recently plugged a total of 60 unique vulnerabilities across iOS, OS X, Safari, and Apple TV. From the post:
iOS 7.1.2 fixes 44 vulnerabilities in the previous version. These include two lock screen bugs and two which could allow bypass of Find My iPhone and Activation Lock, the new anti-theft measures. The new version also adds encryption of attachments in the Mail app, a problem first reported two months ago. The usual long list of WebKit bugs is fixed and the list of trusted root certificates was updated.