Ukraine power grid outage may be cyber related

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Ukraine is inves­ti­gat­ing a sus­pect­ed cyber attack on Kiev’s pow­er grid. A pow­er dis­tri­b­u­tion sta­tion unex­pect­ed­ly switched off, leav­ing the north­ern part of the cap­i­tal with­out elec­tric­i­ty. It comes after a Ukrain­ian secu­ri­ty chief said last week that Ukraine need­ed to beef up its cyber defens­es, cit­ing a spate of attacks on gov­ern­ment web­sites that he said orig­i­nat­ed in Rus­sia. The out­age amount­ed to 200 megawatts of capac­i­ty, equiv­a­lent to about a fifth of the capital’s ener­gy con­sump­tion at night. The company’s IT spe­cial­ists found trans­mis­sion data that had not been includ­ed in stan­dard pro­to­cols, sug­gest­ing exter­nal inter­fer­ence. Over the past month, Ukraine’s finance and defense min­istries and the state trea­sury have said their web­sites had been tem­porar­i­ly downed by attacks aimed at dis­rupt­ing their oper­a­tions. Source: Reuters

Not even the Avengers can defend against everything

sh_marvel-comics_280Self-described white hat secu­ri­ty group Our­Mine is claim­ing respon­si­bil­i­ty for tak­ing over the ver­i­fied Twit­ter accounts of Mar­vel, The Avengers, Ant-Man, Cap­tain Amer­i­ca, Tony Stark and an unver­i­fied account for the Incred­i­ble Hulk. In each case, they post­ed at least one mes­sage describ­ing the hack as a secu­ri­ty test, com­plete with an email address for Mar­vel to con­tact “to help you with your secu­ri­ty.” Source: CNet

New York financial regulations to be delayed

New York’s finan­cial reg­u­la­tor will delay an antic­i­pat­ed Jan. 1 dead­line for banks and insur­ers doing busi­ness in the state to com­ply with con­tro­ver­sial cyber­se­cu­ri­ty rules. The New York State Depart­ment of Finan­cial Ser­vices will pub­lish a revamped ver­sion of its cyber­se­cu­ri­ty rules in the New York State Reg­is­ter on Dec. 28. The new effec­tive date, fol­low­ing a pub­lic review peri­od, will be March 1. Source: Reuters

European nations fear Russian cyber interference in elections

sh_russia-hack_280Europe is brac­ing for Russ­ian inter­fer­ence via cyber attacks before a series of elec­tions. France, Ger­many and the Nether­lands go to the polls in 2017, and ana­lysts say Rus­sia already is attempt­ing to influ­ence the out­comes, a charge Moscow denies. As the chief Euro­pean archi­tect of sanc­tions against Rus­sia, ana­lysts say Ger­man Chan­cel­lor Angela Merkel is the Euro­pean leader Moscow would most like to see vot­ed out. Source: Voice of Amer­i­ca News

Health plan participants told of data breach

Almost 400,000 cur­rent and for­mer mem­bers of the Com­mu­ni­ty Health Plan of Wash­ing­ton have had per­son­al infor­ma­tion, includ­ing Social Secu­ri­ty num­bers, exposed in a data breach. The non­prof­it, which pro­vides health insur­ance through Med­ic­aid in Wash­ing­ton, is send­ing let­ters to 381,534 indi­vid­u­als noti­fy­ing them of the inva­sion and steps they can take to pro­tect them­selves with help from the Com­mu­ni­ty Health Plan of Wash­ing­ton. Source: Seat­tle Times

A learning experience of a different kind

sh_lynda-com_280Online learn­ing plat­form Lynda.com has begun noti­fy­ing its 9.5 mil­lion users that it recent­ly expe­ri­enced unau­tho­rized third-par­ty access to a data­base that con­tains con­tact infor­ma­tion of account hold­ers, their learn­ing data, and cours­es viewed. The LinkedIn sub­sidiary said there was no evi­dence the breach includ­ed the leak of pass­words in the com­pro­mised data, but LinkedIn has reset the pass­words for approx­i­mate­ly 55,000 Lynda.com users as a pre­cau­tion­ary mea­sure. Source: ZD Net

Insurer widens cyber coverage offerings

An expand­ed suite of cyber loss mit­i­ga­tion ser­vices now is avail­able to help Chubb’s U.S. and Cana­di­an pol­i­cy­hold­ers reduce the impact and like­li­hood of a cyber inci­dent. The expand­ed suite of ser­vices includes the addi­tion of pass­word defense and online secu­ri­ty aware­ness train­ing for cyber pol­i­cy­hold­ers. Source: PR Newswire

University tells some Huskers their data may be at risk

sh_nebraska-huskers_280Uni­ver­si­ty of Nebras­ka-Lin­coln offi­cials emailed stu­dents to warn them of a secu­ri­ty breach. The names, ID num­bers and grades of 30,000 cur­rent and for­mer stu­dents may have been com­prised in the past two years. UNL dis­cov­ered unau­tho­rized access of a serv­er that ran a math place­ment exam. Source: KETV, Oma­ha

It’s a virtual matter of money

Admin­is­tra­tors of the Ethereum Project say a data breach affect­ed more than 16,500 users of the platform’s com­mu­ni­ty forums. Ethereum is the name of the plat­form on which users can trade the Ether cryp­tocur­ren­cy, while the Ethereum Project is the gov­ern­ing body that man­ages the plat­form. Source: Bleep­ing Computer

Health breaches up from one month to the next

Novem­ber saw a 60 per­cent increase of breach inci­dents from Octo­ber, at an aver­age of two inci­dents per day. With 57 report­ed inci­dents, Novem­ber saw the most breach­es so far this year, accord­ing to the Pro­tenus Breach Barom­e­ter. Forty-sev­en inci­dents involved a total of 448,639 breached records, the report found. The largest sin­gle inci­dent involved 170,000 patient records, which result­ed from a third-party’s insid­er error. Source: Health­care IT News

Third-party breach hits Groupon customers

sh_groupon_280Scores of Groupon cus­tomers in Lon­don claim hun­dreds of pounds have been tak­en from their bank accounts by cyber crim­i­nals. Many Groupon buy­ers claim they received unex­pect­ed con­fir­ma­tion emails for pur­chas­es they hadn’t made while oth­er online shop­pers report­ed los­ing out on hun­dreds of pounds. Groupon said its own site has not been hacked but con­firmed hack­ers had man­aged to hack into users’ accounts after get­ting login and pass­word details from a third-par­ty web­site. Source: The Stan­dard

Not so fast, EU court tells Britain

Gen­er­al and indis­crim­i­nate reten­tion” of emails and elec­tron­ic com­mu­ni­ca­tions by gov­ern­ments is ille­gal, the EU’s high­est court has ruled, in a judg­ment that could trig­ger chal­lenges against the UK’s new Inves­ti­ga­to­ry Pow­ers Act. Only tar­get­ed inter­cep­tion of traf­fic and loca­tion data in order to com­bat seri­ous crime—including terrorism—is jus­ti­fied, accord­ing to a long-await­ed deci­sion by the Euro­pean court of jus­tice in Lux­em­bourg. Source: The Guardian