
ThreatScape Media Highlights Update – Week Of September 9th


The following is this week’s sample of ThreatScape® Media Highlights – an email roundup of security headlines augmented by insights and analysis from iSIGHT Partners. Our cyber threat intelligence clients receive this update daily.


 Wednesday, 9 September 2015 


SELF-DRIVING CARS ARE HACKABLE

Media On-Target

FROM THE MEDIA

Jonathan Petit, a security researcher at Security Innovation, Inc., recently discovered how to trick LiDAR sensors on self-driving vehicles. The method allows Petit to slow down or abruptly stop a vehicle by sending a laser pulse at its sensors. Because LiDAR uses a laser pulse to measure the distance between itself and an object, this method tricks the car into thinking there are nearby objects. Petit was able to disrupt this system with a homemade kit costing about $60.
Read the Story: Softpedia

 

iSIGHT PARTNERS ANALYST COMMENT

Although threats targeting automated vehicles are almost entirely academic in nature at this point, these issues demonstrate the importance of addressing security gaps prior to any widespread adoption of self-driving vehicles. Adversaries could attempt to use this or similar methods to deliver falsified inputs to vehicle systems.
RELATED iSIGHT PARTNERS REPORTS
ThreatScape Media Highlights (UK Robot Car Guidelines Include ‘Anti-Hacking’ Measures), 21 July 2015
Intel-1251618 (Threats to the Automotive Industry), 30 Sept. 2014
Intel-1111421 (“Car Hacking” Threats), 16 May 2014

PORN APP TOOK SECRET PHOTOS OF USERS

Media On-Target

FROM THE MEDIA

Zscaler, a security research firm, has discovered a malicious Android app, Adult Player. The app purports to offer users pornography but in reality takes photographs of users with the device’s front-facing camera. The app then locks the user’s device and demands a ransom of $500 USD.
Read the Story: BBC

 

iSIGHT PARTNERS ANALYST COMMENT

Malware, including ransomware, increasingly targets mobile devices, and this trend will almost certainly continue. In this case, we doubt the Adult Player app poses a significant threat to most users, as current distribution is via a webpage rather than a vetted app store. Additionally, the app’s lock on the device can reportedly be bypassed using safe mode to prevent third-party apps from running.
RELATED iSIGHT PARTNERS REPORTS
15-00005574 (Actor Offers Android Ransomware Kit, ‘GM CryptoLocker;’ Will Likely Enable Effective Ransomware Operations), 18 June 2015
15-00002488 (Characteristics and Capabilities of Android Ransomware ‘Simplocker’), 16 April 2015
15-00007094 (Overview of Ransomware History and Current Trends), 27 July 2015

ARRESTS TIED TO DRIDEX, CITADEL MALWARE

FROM THE MEDIA

In separate operations, authorities in Europe recently took into custody the alleged creator of the banking malware Dridex and the creator of the Zeus malware variant Citadel. Both of the arrested men, a Russian and a Moldovan, now face extradition to the United States.
Read the Story: Krebs on Security

 

iSIGHT PARTNERS ANALYST COMMENT

Despite the arrested individual’s alleged importance to Dridex malware operations, we suspect that the group will continue to leverage the malware, although the arrest appears to have resulted in some fluctuations in their activities and could result in changes to their operation. As for Citadel, we do not believe the alleged developer’s arrest will affect the threat the malware poses, as its source code was leaked in 2012 or 2013 and has continued to be used during the developer’s nearly year-long house arrest in Norway.
RELATED iSIGHT PARTNERS REPORTS
15-00004858 (Dridex Analysis Reveals New Keylogging Targets and Continued Defrauding of Financial Institutions), 16 June 2015
15-00003102 (Dridex Leverages Webinjects, Keylogging, Form Grabbing and Screenshots), 21 April 2015
15-00001706 (Zeus and Citadel: Daily Snapshot Reveals 37 Unique Campaigns, Wildcarded Targets and Commonalities in Target URLs), 30 March 2015


SECURITY CONCERNS FORCE GOOGLE TO CHANGE GOOGLE CALENDAR URL

FROM THE MEDIA

Google will change its calendar URL on Sept. 21, 2015 due to alleged security issues. The current Google Calendar URL (google.com/calendar) will be changed to calendar.google.com. According to Google, the change is an effort to increase security.
Read the Story: Softpedia

 

iSIGHT PARTNERS ANALYST COMMENT

Although Google did not cite specific security concerns for this change, the use of a subdomain may be an attempt to reduce the effectiveness of spoofed URLs, cross-site request forgery attacks or overlapping domains for a single service. Actors regularly target Google services for user credentials and sensitive personal information.
RELATED iSIGHT PARTNERS REPORTS
15-00000578 (Watering Hole Sites Continue to Direct Visitors; Some Sites No Longer Using Google-Shortened URLs (Updated)), 31 March 2015
15-00007280 (@YourAnonNews Suggests Threat Activity Against Google AdSense; Actual Campaign Unlikely), 22 July 2015

The post ThreatScape Media Highlights Update – Week Of September 9th appeared first on iSIGHT Partners.

