The 2016 Alien Eye In the Sky Recap

Today is the last Alien Eye in The Sky episode for 2016, so rather than just recapping the week, we thought we’d take a look at what’s transpired over the course of 2016.

To be honest, I underestimated the huge task at hand, and after researching several hundred breaches, decided that it was better to break down the incidents into trends and take samples from each.

Hopefully this will give a renewed appreciation of how much the cyber security challenge is growing across the world and across all industries.

So, without further ado, all the stories mentioned in the video are linked below.

Happy holidays everybody!

Online dating

Adult Friend Finder

Fling,

Mate1,

Shadi.com,

Muslim Match.

Password re-use attacks

Carbonite,

Netflix,

GoToMyPC,

Reddit,

TeamViewer,

Camelot,

Deliveroo,

KFC.

Heathcare

Banner Health which impacted 3.7m patients

Turkish state hospitals 10m patients.

Queen Mary Hospital in Hong Kong saw 3,600 records accessed

Al Zahra Private Medical Centre in the UAE had 4,600 records accessed.

New Jersey Spine Centre,

Center for Neurolosurgical and Spinal Disorders

It’s Not all fun and Games

steam game keys stolen.

Evony gaming company saw itself targeted twice during the year.

Forums belonging to Clash of Kings and Funcom were breached.

 

Elections

The Philippines commission on Elections was attacked a month before the country held its 3rd automated elections

The personal information of over 93.4million Mexican citizens had their voter registration details exposed online.

Illinois online voter registration portal hacked, information compromised

Every voter in Louisiana’s details exposed

In Ghana, the Electoral Commission had four computers stolen that were used for biometric voter registration.

Education

The Indian institute of management was hacked and reults of CAT exam released

University of Central Florida

N.C State university

Jacksonville State University

University of Liverpool

University of Ottawa missing hard drive with data on 900 students

Saga prefecture schools

Defcon IoT village saw 47 new vulnerabilities discovered in devices

Ransomware

Banking incidents

Tesco Bank Hack

Bank of New Zealand

Royal Bank of Canada

SunTrust Bank

Qatar National Bank

Miscellaneous hacks and breaches through the year

Oregon Department of Fish and Wildlife

Azerbaijani hackers leak secret data from Armenian intel server

World Anti-Doping Agence (WADA) hacked

Adani Po  wer Ltd. India

Zameen.com Pakistani real estate giant hacked, entire DB leaked.

Siliconware Precision Industries in Taiwan suspected an engineer stole data.

Christians against poverty saw bank details, phone numbers, and other data stolen.

American Association for the Advancement of Science

Rhode Island Blood Enter

Vietnam Airlines

South Africa’s Department of Water Affairs

Yahoo hack

Alien Eye in the Sky Ep 8

Another week, another set of impactful, bizarre, and interesting security stories.

We tried something interesting this week, rather than focusing on a few stories in the video and posting links to others, we’ve crammed them all into one action-packed episode!

Stories covered

Toyota dealer sued for stealing intimate photos off couple’s smartphone

Nice Security Matrix about Office macros (PDF)

Counterproductive security behaviors that must end

How HMRC combats phishing by using DMARC

How publishers are defeating ad blockers and how ad blockers are fighting back

Fake US embassy in Accra ‪Ghana staffed by Turks, flew an American flag and issued fraudulent visas for $6,000.

Did someone put you in the TO: instead of the BCC: ? Do This…

15 ways to deal with badly written risks

Every so often, a report gets presented which looks like it was written by the work experience student that was employed by the intern.

So what’s the best way to respond? I went on twitter to ask the opinion of folk who have to deal with this kind of thing on a regular basis, and distilled their wisdom into 15 tips.

Other honourable mentions go to:


Alien Eye In The Sky – Security News Roundup

True to form, cyber security continues its domination of technology and mainstream news. Ransomware continues to strike, using different techniques such as Locky’s recent spread through social media, or attacking targets like the San Francisco Municipal Transport Agency.

Password reuse attacks continue to grow. From Deliveroo’s attack a couple of weeks ago, to the UK’s National Lottery this week.

It’s another crazy week – with many “Shatners” thrown in for good measure.

In This Weeks Video

Locky spreads through social media

San Francisco Municipal Transport agency gets hit by ransomware

National Lottery accounts breached

Other interesting stories

 

PhishLulz is a Ruby toolset aimed at automating Phishing activities

Syscall Auditing at Scale

EU General Data Protection Regulation FAQ’s

Security operations centre (SOC) buyers guide

InPage zero-day exploit used to attack financial institutions in Asia

Generate Geolocation map using WireShark

Brief lessons on handling huge traffic spikes

WiFi Frequency hacker

,

Alien Eye in the Sky

A lot went down – some stories in the video and a ton of interesting links below. Enjoy!

Stories in Video

Tesco Bank Hacked

Adult Friend Finder hack

Facebook buyingstolen passwords

IP Bill set to becomelaw

Other interesting stories  

Cyber Security Challenge UK crowns youngest ever champion

GCHQ wants internet providers to rewrite systems to block hackers

Researchers’ Belkin Home Automation Hacks Show IoT Risks

UK halts Facebook’s WhatsApp data dip

Data Cleanliness and patch verification

A Cybercrime Report Template

Smart Light bulb worm hops from lamp to lamp

The 2016 Alien Eye In the Sky Recap

Today is the last Alien Eye in The Sky episode for 2016, so rather than just recapping the week, we thought we’d take a look at what’s transpired over the course of 2016. To be honest, I underestimated the huge task at hand, and after…

Alien Eye in the Sky Ep 8

Another week, another set of impactful, bizarre, and interesting security stories.   We tried something interesting this week, rather than focusing on a few stories in the video and posting links to others, we’ve crammed them all…

15 ways to deal with badly written risks

Every so often, a report gets presented which looks like it was written by the work experience student that was employed by the intern. So what's the best way to respond? I went on twitter to ask the opinion of folk who have to deal with…

Alien Eye In The Sky - Security News Roundup

True to form, cyber security continues its domination of technology and mainstream news. Ransomware continues to strike, using different techniques such as Locky’s recent spread through social media, or attacking targets like the San Francisco…
,

Alien Eye in the Sky

A lot went down - some stories in the video and a ton of interesting links below. Enjoy!   Stories in Video Tesco Bank Hacked Adult Friend Finder hack Facebook buyingstolen passwords IP Bill set to becomelaw Other…

Tactical Edge, Colombia

I always get excited when I get to travel to new places and meet interesting people as part of my job. To say I was extremely excited and humbled to have been invited to attend Tactical Edge in Bogota, Colombia would be an understatement. However,…

Alien Eye in the Sky: Ep 5

After a hiatus of a week while I was attending Tactical Edge in Colombia - I'm back with a roundup. Stories in the video http://www.theregister.co.uk/2016/10/24/chinese_firm_recalls_webcams_over_mirai_botnet_infection_ddo... http://www.bbc.co.uk/news/technology-37761868 https://www.veracode.com/blog/managing-appsec/do-you-use-open-source-components-find-out-what-our-la... https://www.ft.com/content/ed9ff168-9b03-11e6-8f9b-70e3cabccfae (may…

IoT botnets - an open letter to manufacturers

I blogged something about Mirai over on the AlienVault blog. But that didn't ease my pain, so I went and made a video as a kind of open letter to manufacturers.

Podcasts!

As if blogging and making videos wasn't enough. I've wanted to stretch my creative legs for a while and dip a toe into the world of podcasting. So, I jumped at the opportunity when there was the chance to start a new podcast at AlienVault.…