Issue 31 - Week of Sep 20th

1.       A diesel whodunit: How software let VW cheat on emissions. According to the U.S. Environmental Protection Agency, Volkswagen was able to cheat emission tests for half a million of its U.S.-sold cars. Diesel cars from Volkswagen and Audi cheated on clean air rules by including software, likely a single line of code that made the vehicles' emissions look cleaner than they actually were. This resulted in VW cars meeting emissions standards in the Lab or testing station but during normal operation on roads- emit 40 times more Nitrogen oxides.

2.       Morgan Stanley employee pleads guilty in data breach case. A Morgan Stanley employee who was fired in connection with a data breach at the company, pleaded guilty last week to downloading hundreds of thousands of confidential customer account data. Names, addresses, account numbers, and investment information are among the sensitive data of the 730,000 accounts (10% of the Wealth division clients) taken by him, according to the prosecution. They also claim that he was speaking to other companies about a possible new job when the data was taken; sentencing is scheduled for December.

3.       Uber hacked again. "@Uber I had a great ride in China this morning! Except, weird, I wasn't in China this morning. A number of Twitter users worldwide are complaining that their Uber accounts have been hacked and are being used to secure rides in China without their consent or knowledge. After an account has been hacked, you can eventually find them for sale in the Dark Web. Identities can be purchased for as little as $1, as well as compromised eBay, PayPal, Facebook, Netflix, Amazon and Uber accounts.

4.       The OPM breach deepens: 5.6 million federal employees' fingerprints stolen. It took weeks before the Office of Personnel Management (OPM) admitted that almost 22-million federal employee personnel and security records had been cracked in two separate attacks. Months later, the OPM and Department of Defense (DoD) confessed that of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.

5.       Russia's plan to crack TOR crumbles. The Russian Govt was willing to pay 3.9 million rubles ($59,000) to anyone able to crack Tor, a popular tool for communicating anonymously over the Internet. Now the company that won the government contract expects to spend more than twice that amount to abandon the project. As discussed in Issue - 27 of this blog, TOR (The Onion Router) is a browser that delivers untraceable access to the Internet by linking all the computers onto a network and is mostly being used for unscrupulous and illegal activities.

6.       Security spending will reach $75.4b worldwide: Gartner. Worldwide security spending will reach $75.4 billion this year, a 4.7 percent increase over last year, according to the latest forecast from technology research firm Gartner. "Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing, and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks."

7.       Cybersecurity firm offers $1 million for Apple hack. A Computer security firm last week, offered a $1 million bounty to hackers who can find a way to breach Apple's latest iOS 9 mobile operating system. To win the money, hackers must use a web page or text message to remotely bypass the iOS 9 security and discretely install an application on the iPhone or iPad by October 31, the company said in an online statement.

8.       Healthcare Organizations twice as likely to experience data theft than other Industries. Last week, Raytheon|Websense announced the publication of 2015 Industry Drill-Down Report – Healthcare. In it, Websense explains why healthcare has experienced a surge in attacks in recent years: The rapid digitization of the healthcare industry, when combined with the value of the data at hand, has led to a massive increase in the number of targeted attacks against the sector. While the finance and retail sectors have long honed their cyber defenses, research illustrates that healthcare organizations must quickly advance their security posture to meet the challenges inherent in the digital economy – before it becomes the primary source of stolen personal information.

9.       Cyber security very important for Digital India: The Digital India program envisions the creation of a digitally empowered economy, e-governance and services on demand to improve access of information as well as resources for citizens. The Aadhar (UID) initiative now stores biometric data of over 730 million citizens. India currently has 319 million internet users, 213 million mobile internet users, 41% of e-commerce sales happen on the mobile, it is anticipated that majority of the Digital India users will also be using mobiles. Now consider these statistics in the light of a recent report that discussed how Android phones can be hacked with a single text message. Any security breach will raise major concerns about privacy and security of confidential data.

10.   Apple on Thursday shared a list of the top 25 iOS apps infected with malware as a result of Xcode Ghost. As previously noted most of the titles are from China-based developers since that's where programmers installed a modified version of Apple's Xcode IDE in lieu of the official version. Apple has pointed out that WeChat topped the list of 25 apps - which contains games, utilities and other software including an Angry Birds 2 clone. The Infected apps: