JUNE WEEK 1

US Nuclear missile credentials stolen  

It’s believed that the threat group MAZE is responsible for the theft and encryption of sensitive government data concerning the United States missile deterrent programme Minuteman III. Minuteman III is a 3-stage intercontinental-range ballistic missile with a 13,000 km capability.   

We are unclear as to exactly how the theft occurred. Still, we are aware that the data was swiped from Westech, a subcontractor for Northrup Grumman.   

Click here

There is nothing to suggest that schematics or the like have been stolen, but more likely payroll details and emails. Forensic investigations are ongoing. 

 

 


 

Security by design given a boost in a round of government funding targeted promoting safer IoT devices. While £400,000 is not exactly a game-changer, it is a vocal pitch to support a standard minimum-security requirement. The UK may very well lead the way as to what “Security good looks like” 

Click here

 

 


 

Another bug bounty programme pays off   

A programmer in India has found a vulnerability on the Apple Sign-on feature. This flaw could allow hackers to hijack the user’s third-party applications.   

Bounty bugs are a method used by private firms to incentivise the tech-savvy to identify vulnerabilities to the tune of a handsome reward. In this case, $100,000. 

 

Some question the ethics behind this, but it’s a sure-fire way to utilise the world’s technical talent on a no win no fee basis. 

Click here

 


 

Data leak shines some light on the dark web. 

 

Daniel’s Hosting (DH) database has been hacked with the information leaked online. DH is the largest hosting provider on the dark web, with around 7,600 records.  Instead of Go-Daddy, think Creepy Uncle with something to hide.

It is possible to link the stolen credentials to dark web sites, removing anonymity. If you are setting up a service on the dark web, it’s pretty fair to assume that inconspicuousness is high on your agenda. Somewhat reminiscent of the Ashley Maddison Breach, only this time – there are worse things to hide than an affair.  

Click here 

 

 


 

 

MOT Tests may look quite different in the future. There are credible proposals for cyber security checks to reduce the chances of hacks. The safety standard, known as CAV PASS, will include threat mitigation protocols. The end goal is to provide the public with an extra layer of assurance around autonomous cars when they come into full-scale production. Before that, CAV PASS will be trialled on self-driving vehicles.  

 

Click here 

 

The automotive industry has been hit particularly hard by Covid-19 with factory closures, supply chain interruptions, and a reduction in customer demand.   

 

“This is a great development for the automotive industry, an industry known for its ever-growing array of industry standards and technologies. Having a standard that includes testing the security as part of the overall safety of vehicles is a great way forward. Not just for autonomous vehicles but even for non-autonomous cars being produced today, which are becoming increasingly connected and ‘smart’. Smart dashboards, interconnected infotainment systems, 4G modules, mobile car companion apps, and an array of diagnostics and sensors all connecting to the central processing unit inside the vehicle.” 

 Hugo Van den Toorn, Manager, Outpost24 

 


 

Ransomware Auction – A new trend?  Cash in the Attic and Bargain Hunt move aside.

We may be seeing a new trend by ransomware attackers – Pay up or face your data being auctioned and sold to the highest bidder.

REvil ransomware group has set up an auction site for stolen credentials to be auctioned. Grubman Shire Meiselas & Sacks, a legal firm used by the likes of Madonna, Lada Gaga, and Bruce Springsteen, was compromised last month. REvil has already insinuated that Madonna’s data is to be auctioned.   

Click here

 


Thoughts? Comments? Want further intel?  Don’t be shy reach out: ob@bestmansolutions.com

 

Other Posts...

Hiscox Readiness Report 2020

Hiscox Readiness Report 2020

26th June 2020
Read More
JUNE WEEK 4

JUNE WEEK 4

25th June 2020
Read More
SANS Cyber Aces: Learn the fundamentals of Cyber Security

SANS Cyber Aces: Learn the fundamentals of Cyber Security

24th June 2020
Read More