Syrian Electronic Army Hacks Newspapers & Tech Firms via 3rd Party

The 'Syrian Electronic Army' is reported to have hacked the websites of UK newspapers The Independent, The Telegraph and the Evening Standard - as well as a host of global companies.

The Syrian Electronic Army were on a hacking rampage and targeted several high-profile news websites on Thursday, which included New York Times, The Telegraph, CNBC, Forbes. 

*After the hack attack, users accessing the websites were welcomed with this message.

The attack was was announced on the Syrian Electronic Army's Twitter account, adding that the attacks were conducted considering the importance of Thanksgiving holiday in the US. 

Vodafone Error Sends 1.7k Journalist Phone Records to Police

Vodafone sent the phone details of 1,700 News UK journalists to the Metropolitan Police, which had requested the records of just one reporter under the Regulation of Investigatory Powers Act (RIPA).

The police required the information regarding journalists who were Vodafone customers between 2005 and 2007 - under the controversial RIPA rules and as part of Operation Elveden, which entails an inquiry into alleged payments to public officials in return for information.

The Internet Service Provider (ISP) blamed human error for the mistake while the Met claims to have sent the excess data – originally sent to the force in March – back to the company. A Vodafone spokesman said that the company urged Scotland Yard to delete the data, and the Met in turn agreed to use it for “a policing purpose, when it is in the interests of justice to do so.”

It also informed the Interception of Communications Commissioner's Office of the error on 27 June.

Cited and more on this story at BBC News

G4S Cloned Website Affects Share Price

News that the G4S share price dropped significantly after their website was cloned recently is evidence that the corporate threats from cyber crime are not just limited to data theft and hacking.

While corporate interest in internet security has moved from the IT department to the boardroom in recent years, particularly for companies in E-Commerce, Retail, and BFSI the G4S attack shows that any company with a share price is now fair game.

CEOs and board directors who don’t have a firm grip on how a cyber attack could affect their business continuity could be burying their heads in the sand if they think this is ‘something for the IT team to sort out’.

Websites have been cloned before. This aspect of the G4S story, while unfortunate, is not something new.  What’s interesting is the intricate nature of this multi-pronged attack, the deliberate use of the media via a press release and the dramatic and positive effect for the criminals combined with the impact this had on the financial fortunes of G4S.

ZeroDayLab are finding more businesses than in previous years of all sizes across all verticals are starting to wake up to the inevitable threat of cyber attacks. It is no longer if you will be attacked, more likely when you will be attacked. Larger enterprises are now more than likely to have this as a core part of their business continuity plans but this is often limited to hacking, data security or server outages.

Unless more companies start to understand these pervasive threats and take a more strategic approach to ‘Continuous Security Improvement’ then we’re very likely to see more of these types of stories emerging.

At ZeroDayLab we understand from our Cyber-threat Intelligence derived from hundreds of client engagements that the threat vectors through targeted attacks are changing every day.  Cyber crime is growing and new ways of attacking businesses are emerging as fast as new technology and software is becoming available.

In Summary

100% protection does not exist, continuous diligence and swift detection based on a holistic approach to Total Security Management is the answer delivering a strategic approach to IT Security that compliments your Business objectives and overall corporate strategy whilst protecting your business assets.

Please contact ZeroDayLab today to discuss your Security Management.

See more facts..

Financial Director  - CLICK HERE

SC Magaizine - CLICK HERE

Website With Live Links to Baby Monitors, Web Cams & CCTV shuts down.

Its administrator now appears to be using the page to look for work.

"Programmer looking for a good remote job" is now the only content on the site, along with a list of skills and an email address.

The Russian-based site, called Insecam, was streaming footage from systems using either default passwords or no log-in codes at all.

Password security

Last week it was showing video feeds from more than 250 countries including 4,591 cameras in the US and more than 500 within the UK.

It included images from children's bedrooms, driveways, gyms and shops.

Insecam listed material available both by country and by device manufacturer including major brands like Foscam, Panasonic and Linksys.

The devices had not been hacked but were operating on their default security settings.

The site owner told the BBC over email that he did not consider himself to be a hacker as he had not infiltrated any security settings.

"An analogy best describing this would be just because someone leaves their window open it does not give permission for an unauthorized individual to set up a camera outside their window and broadcast the feed worldwide," said Foscam chief operating officer Chase Rhymes.

The companies all urged camera owners to change their passwords regularly.

Cited and more on this story at BBC News

At ZeroDayLab®, we are Passionate about Total Security Management and are committed to Total Customer Satisfaction.

Over the last five years, we have successfully grown our business year-on-year and expanded our consulting services and complementary security solutions to provide our clients with a real value add and holistic approach to their IT Security posture that is unique in our industry.

Conducting over 200 assignments annually, we are proud to have leading European clients in key vertical markets such as BFSI, Retail, Telco and E-Commerce organisations, Local & Central Government.

We are an established, well-respected, privately-held company with a renowned reputation for quality, confidentiality and consistently delivering proven results for measurable ROI. At ZeroDayLab®, we are very proud that we attract and retain the very best industry talent who are as passionate as our management team about consistently delivering our core values.

We are based in London with a Security Operations Centre in Manchester. In 2013 we expanded our business and now have a dedicated team of IT Security experts in The Netherlands serving the Benelux Region as well as a highly skilled team of software developers and Ethical Hackers based in Bangalore, India. In early 2014, we expanded our operations further by relocating our Finance & Operations team to a new office in Brighton & Hove

Please CLICK HERE for more information.

New Law Forcing Firms to Identify Computer & Mobile Users to Police

A law forcing firms to hand details to police identifying who was using a computer or mobile phone at a given time is to be outlined by Theresa May.

The home secretary said the measure would improve national security.

As part of the Counter-Terrorism and Security Bill, providers would have to retain data linking devices to users.

But campaigners warned it could see the revival of the so-called "snoopers' charter" - a previous attempt to bring in wide-ranging web monitoring powers.

The Home Office says the new measures would help police and security services identify:

• Organised criminals
• Cyber-bullies and hackers
• Terror suspects and child sex offenders communicating over the internet
• Vulnerable people such as children using social media to discuss taking their own life

The proposals, due to come before MPs on Wednesday, would help police to identify suspects via a computer or mobile device's individual Internet Protocol (IP) address.

Each device has such an address, but they can change - such as when a modem is switched off and then on again - and are usually shared between different users.

Internet service providers currently have no business reason for holding data showing which IP address was allocated to a device at a given time, meaning it is not always possible for police and security services to match individuals to internet use, the Home Office said.

Cited and more on this story at BBC News

At ZeroDayLab®, we are Passionate about Total Security Management and are committed to Total Customer Satisfaction.

Over the last five years, we have successfully grown our business year-on-year and expanded our consulting services and complementary security solutions to provide our clients with a real value add and holistic approach to their IT Security posture that is unique in our industry.

Conducting over 200 assignments annually, we are proud to have leading European clients in key vertical markets such as BFSI, Retail, Telco and E-Commerce organisations, Local & Central Government.

We are an established, well-respected, privately-held company with a renowned reputation for quality, confidentiality and consistently delivering proven results for measurable ROI. At ZeroDayLab®, we are very proud that we attract and retain the very best industry talent who are as passionate as our management team about consistently delivering our core values.

We are based in London with a Security Operations Centre in Manchester. In 2013 we expanded our business and now have a dedicated team of IT Security experts in The Netherlands serving the Benelux Region as well as a highly skilled team of software developers and Ethical Hackers based in Bangalore, India. 

Contact us here for more information.

Breached Webcam & Baby Monitor Site Flagged by Watchdogs

The public is being warned about a website containing thousands of live feeds to baby monitors, stand-alone webcams and CCTV systems.

Data watchdogs across the world have drawn attention to the Russian-based site, which broadcasts footage from systems using either default passwords or no log-in codes at all.

The site lists streams from more than 250 countries.

It currently provides 500 feeds from the UK alone.

They include what appear to be images from:

• an office in Warwickshire
• a child's bedroom in Birmingham
• a home's driveway in Nottinghamshire
• a gym in Manchester, a pub in Salford
• a shop interior in London

The site's database shows listings for 4,591 cameras in the US, 2,059 in France and 1,576 in the Netherlands.

Smaller numbers of feeds are also identified as being available from developing economies including Nicaragua, Pakistan, Kenya, Paraguay and Zimbabwe.

Some of the feeds showed a static image but did not otherwise appear to be working.

The privacy watchdogs have provided the name of the site to the media, however the BBC has opted not to publish it.

Cited and more on this at BBC News