Google Warns Users of Recent State-sponsored Attacks

Google gave warnings about potential government-backed attacks against numerous journalists, academics and activists.  Twitter postings regarding it seem to be authentic.  Numbers estimate up to a million may have seen state-sponsored probing.  The article offers suggestions for password security and encryption of files.

Source: http://www.securityweek.com/google-warns-users-recent-state-sponsored-attacks

Backdoor in Some Android Phones Sends Data to Server in China

Recently multiple Android mobile device models sold in the United States have been found to include a backdoor in their firmware and to send personally identifiable information (PII) to third-party servers.  Furthermore the question was raised why the users were not informed.  Not only is there a backdoor in the firmware however devices sold via Amazon, BestBuy, and other major US-based online retailers, could also install applications remotely, without user consent.


Source: http://www.securityweek.com/backdoor-some-android-phones-sends-data-server-china

China-Linked Cyberspies Lure Victims With Security Conference Invites

A China-linked cyber espionage group known as Lotus Blossom has used fake invitations to an upcoming Cybersecurity Summit to trick users into installing a piece of malware on their systems.  This is the latest in a string of cyber attacks where hacker groups use educational cybersecurity presentations and events to lure unsuspecting users into downloading malware.  The security firm respponsible for the event in question had spotted attacks against government and military organizations in Southeast Asia, including Vietnam, Philippines, Taiwan, Hong Kong and Indonesia.

Source: http://www.securityweek.com/china-linked-cyberspies-lure-victims-security-conference-invites

VMware Flaws Allow Security Bypass on Mac OS X

This article describes a security vulnerability on VMware running Mac OS X.  To most users this presents as a surprise given Mac OS's reputation for security.  VMware tools has been patched for several of these vulnerabilities.

Source: http://www.securityweek.com/vmware-flaws-allow-security-bypass-mac-os-x

Researchers Build Configuration Extractor for Locky Ransomware

There is a new open source utility called LockyDump.  This utility was created by researchers working on the problem of the ransom ware Locky.  The utility allows users to extract the config and various information.  Ransom ware researchers can then track information used in developing trends shown by criminals and the ransom ware.

Source: http://www.securityweek.com/researchers-build-configuration-extractor-locky-ransomware

Newsweek Joins Growing Club of Possible Russian Cyberattack Targets

After some comments made by a Newsweek article their site was under DDoS attack.  It is suspected that the attack was politically motivated.  Most of the IP addresses were originating from Russia.  This would not be the first DDoS attack that has been politically motivated.

Source: http://www.technewsworld.com/story/83968.html

Hacking Elections Is Easy, Study Finds

This article discusses hacking in relation to the U.S. democratic process.  I found it rather interesting that educated security personnel had a few comments on the subject.  "It might be possible to change some votes, but to change the outcome of an election and do so in a way that could not be detected is not practical at this point." Apparently the current system(s) used by each state makes it rather difficult to influence the elections in any major or undetectable manner.  The question is raised if suggested systems by the media recently are actually safer and what would be realistically required for a standardized IT solution to voting.

Source: http://www.technewsworld.com/story/83947.html