A grand jury indicted the seven alleged cyberattackers, who had links to the Iranian government, for an "extensive campaign" which lasted just shy of six months. During their campaign, they are said to have carried out numerous distributed denial-of-service (DDoS) attacks, with one of the attackers separately gaining unauthorized access to a dam's industrial automation control (SCADA) system. The seven men are accused of disabling bank websites, preventing customers from gaining access to their online accounts, and costing the companies "tens of millions of dollars in remediation costs" in fending off the attacks in various incidents spanning 2011 to 2013. Court papers say Bank of America, Capital One, ING, PNC Banks, and the New York Stock Exchange were targets. One of the men charged, Hamid Firoozi, was indicted on a separate count of hacking into a system the Bowman Dam in New York, which according to the Justice Dept.
The Abu Dhabi National Oil Company (ADNOC) is transforming its business through digital projects that range from deciding where to drill for oil and gas, to helping the company decide where to sell its final products. The state-owned oil company has driven the United Arab Emirates' economy since it was founded almost half a century ago, and its head of digital, Abdul Nasser Al Mughairbi, has been driving digital transformation since 2017. Each day, ADNOC produces three million barrels of oil and processes billions of cubic feet of gas. It has businesses involved in the extraction of raw materials upstream as well as the processing of materials to add value downstream. Add to this the transportation, sales and marketing of oil and gas, and you have a large, complex organisation.
Iran's government-backed hackers are trying to infect US military veterans with malware with the help of a malicious website, researchers from security firm Cisco Talos reported on Tuesday. The website, located at hiremilitaryheroes[.]com (pictured above), offers a fake desktop app for download, in the hopes that US military veterans would download and install it, presumably to gain access to job offerings. But Cisco Talos researchers say the app only installs malware on users' systems and shows an error message, indicating that the installation failed. Behind the scenes, the malware continues to operate on victims' computers, gathering information about the system's technical specs, and sending the data to an attacker-controlled Gmail inbox. The type of data the malware collects includes information on the system, the patch level, the number of processors, the network configuration, the hardware, firmware versions, the domain controller, the name of the admin, the account list, date, time, drivers, etc.. "This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks," said Warren Mercer, Paul Rascagneres, and Jungsoo An, the three Cisco Talos researchers who analyzed the malware.
There's nothing like a hefty security freakout to start the week, and the Key Reinstallation AttackWi-Fi vulnerability--you know it as Krack--announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn't impact every single device that exists, it does affect a significant portion of them. And many will likely never receive protective patches, a longstanding and critical security problem that particularly affects the Internet of Things. The relative simplicity of the Krack bug itself also highlights the importance of making technical standards accessible to researchers for review and feedback.
Sean Spicer resigned his position as White House press secretary today. And while DC reporters may not miss his fact-bending bombast at press briefings, the internet sure will. Since first taking the podium earlier this year, the man has been a nonstop viral clip and meme-making machine. Somehow in the cynical, post-ironic kaleidoscope of the internet, nothing has become funnier than a puffed-up rage goblin shamelessly, bumblingly, misleading the public. Language is dead and absolutely nothing matters, so we'll miss you, Spicey.