Risk Radar Free Cyber Newsletter – Oct 18, 2016

Nation-State Hackers Hit Japanese Nuclear Facility
A Japanese nuclear research facility has been hacked three times in the last year. The attacks resulted in the theft of 59,000 files and details of researchers working for the facility. The initial attack came through a phishing email. There is a real possibility that this data will be used for malicious purposes.

Experts ‘Outraged’ by Warrant Demanding Fingerprints to Unlock Smartphones
Some security researchers and civil libertarians are not happy with a recent warrant in California demanding fingerprints to unlock smartphones. While some consider the scope of the Department of Justice warrant too broad, others are not sure the Constitution has been violated. We can expect the constitutional aspects of biometric data to get worked out in future court cases.

Leftover Factory Debugger Doubles as Android Backdoor
A debugger has been left in some Android firmware made by Foxconn. This debugger can be used as a backdoor into the phone if the attacker has physical access to the phone. This backdoor can be used to get around full encryption on the phone. Multiple phones could be affected; at this point, it is unknown how many. The security researcher has contacted Google and Qualcomm to work with Foxconn on this issue.

Attackers Hiding Stolen Credit Card Numbers in Images
An open source e-commerce platform (Magento) has been targeted with malicious code called swipers. This code scrapes the credit card data and hides it until the attackers can retrieve it. The credit card data is being hidden in images on the sites using Magento. The fix for this issue is still being looked into.

Europe to Push New Security Rules Amid IoT Mess
The European Commission is looking into making new security rules for manufacturers of IoT devices. The security of these IoT devices is minimal to non-existent; some devices even have a hard-coded login and password that can’t be changed. Security expert Bruce Schneier has been making the case that this is a needed step to stop IoT devices from being used in DDoS attacks.

VeraCrypt Patches Critical Vulnerabilities Uncovered in Audit
The recent audit of VeraCrypt discovered vulnerabilities, which have been patched in the latest VeraCrypt. VeraCrypt is a branch of TrueCrypt that is used for full disk encryption. VeraCrypt was selected by the Open Crypto Audit Project to verify the security of the crypto program.