US accuses Russia of interfering with elections
In what could be the most highly publicized nation state cyber attacks since the Sony Pictures hack, the US have officially accused Russia of interfering with the elections. The DNC email breach was the first stage in a set of disastrous leaks, most of which have come from Wikileaks in the form of their ‘Hillary Leaks’ series. The US Intelligence Community have stated that the nature of the breaches are consistent with Russian attacker methods, also claiming the scope of the attacks is an indicator that only senior Russian officials could have authorized them. While the finger has been pointed, officials have assured voters that there is no risk of actual ballots being tampered with.
Latest ‘Hillary Leaks’ consists of aide emails
The latest Wikileaks release in their ‘Hillary Leaks’ series has come in the form of email correspondence from the private inbox of aide John Podesta. While their authenticity has yet to be confirmed, the emails contain evidence of behaviour Clinton has been most criticized for; a close relationship with financial heads. The emails reportedly contain excerpts from paid speeches Clinton is said to have given to various players in the financial sector such as Goldman Sachs. While no specific deals appear to have been made, or anything amounting to a crime, the very confirmation of Clinton’s relationship with such individuals is bound to undermine her reputation. Wikileaks have promised a release each week in the run up to the elections.
Avtech IoT devices become latest to be vulnerable to hackers
It’s no secret that the swathes of IoT devices continuing to hit the market pose a security risk, both to private data held on the same network and as a new army of devices to be harnessed for DDOS attacks. In the last week, Avtech have been the latest manufacturer hit by news that their devices are vulnerable. This revelation is a particularly troubling one for the thousands of people using the company’s video surveillance products. Should the wrong people gain access to these vulnerable devices, burglaries could be orchestrated and customers are advised to change their passwords. Around 130,000 Avtech devices have appeared as open and vulnerable on Shodan. This news has come in the same week that it was shown that thousands of IoT devices are being enrolled in botnets using an SSH vulnerability which has been known for 12 years. Both these stories are simply further evidence that insufficient efforts are being made to make such devices secure.
You might want to allow the latest Windows updates sooner rather than later. The latest ‘Patch Tuesday’ release contains fixes for no less than 49 vulnerabilities, including remote code execution vulnerabilities and 4 ‘zero days’ which are reportedly already being exploited in the wild. These include a memory disruption vulnerability in Office and a graphics component remote code execution vulnerability. This latest set of updates also comes with the news that future updates will come in the form of monthly ‘security rollups’, which also applies to the .NET framework updates.
Latest Adobe update patches 83 vulnerabilities
The other set of patches which comes almost as regularly as Microsoft’s come from Adobe, patching a total of 83 bugs in Reader, Acrobat and of course, Flash. The vulnerabilities include remote code of execution (12 of which affect Flash), memory corruption and buffer overflow and make up the largest patch update since May.
Singapore moves to stimulate regional cybersecurity improvements
Singapore has announced an investment of $10m into ASEAN (Association of South East Asian Networks) cybersecurity, to be spent over five years. The announcement was made at an ASEAN cybersecurity conference last week by communications minister Yaacob Ibrahim. The money is due to be spent on educational and collaborative activities such as workshops and seminars, bringing regional experts together. This move comes in the wake of sector reports which show the region is lagging behind in terms of security, both on a private and governmental level.
UN nuclear power plant hacked
It’s been belatedly revealed that an unnamed nuclear power plant suffered a hack several years ago, with attackers attempting to steal Uranium from the facility. This is not the first nuclear plant to have been targeted, with a South Korean power company suffering attacks in 2014 and this year a German facility was revealed to have malware on its network. The Director of the International Atomic Energy Agency, who oversees UN nuclear activities said ‘This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg’.