ZDNet — An underground marketplace has been found to be selling information of more than 70,600 compromised servers in both government and private networks, located across 173 countries including Singapore, China, Malaysia, and Australia. Available for sale from US$6 each, access to these servers was being hawked at a cyber black market called xDedic, which appeared to be operated by a Russian-speaking group, according to Kaspersky Lab.
WSJ — HONG KONG—When the names and birth dates of more than 11 million children and adults were leaked from its online learning database last November, toy maker VTech Holdings Ltd didn’t discover the breach until a reporter emailed the company nine days later. Company executives said VTech took four more days after being notified before it asked users to change their passwords—and another 16 days before it issued a public statement about the breach.
Times of India — The CEO of SWIFT , the interbank messaging system embroiled in a global bank-hacking controversy, says to expect more information about breaches to emerge as fully armouring the network’s defenses is likely to take years. “We don’t think this is going to be solved overnight, so we’ll be looking for a number of quick wins to improve things in the near term,” Gottfried Leibbrandt, SWIFT’s CEO, said on Wednesday.
Channel News Asia — SINGAPORE: From 2015 till today, there have been 16 waves of targeted cyberattacks surfaced to the Cyber Security Agency (CSA), and this is one of the reasons why the Government has decided to separate Internet access for the work computers of public officers. These 16 attacks had escaped detection of perimeter defences such as firewalls and antivirus software, but were stopped and did no damage.
Asian Correspondent — MICROSOFT has released a list of Asia-Pacific countries that were most vulnerable to malware. The Malware Infection Index 2016 highlights threats undermining cybersecurity in the region. “Out of the top five locations across the globe most at risk of infection, a total of four are from the Asia Pacific — Pakistan, Indonesia, Bangladesh and Nepal,” Microsoft said on its website.
Foreign Affairs — Three years ago, Edward Snowden, a CIA employee, leaked documents revealing the U.S. government’s extensive surveillance of foreign and domestic phone calls. On the anniversary of that explosive disclosure, media outlets are no doubt preparing to revisit questions about data privacy and civil liberties.
Fortune — The malware that was used to steal $81 million from Bangladesh’s central bank has been linked to another cyber attack, this time on a bank in the Philippines, cyber security company Symantec said in a blog post on Thursday. The company said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in South-East Asia.
Channel News Asia — FRANKFURT: The European Central Bank will set up a database to register incidents of cyber crime at commercial banks, aiming to create an early warning and analysis system for big lenders, it told a German newspaper on Thursday. Attackers earlier this year stole US$81 million from a Bangladesh central bank account at the New York Fed in one of the biggest-ever cyber heists, heightening global concerns over cyber security.
Macau Daily Times — The Business Continuity Institute’s (BCI) Horizon Scan report was presented yesterday at the Asia Emergency Management Conference 2016 (AEMC), revealing that cyber attacks were the number one threat to businesses across the globe. Horizon Scan, an annual research report, is a tool used by those working in the fields of business continuity and risk or resilience, according to BCI’s community engagement manager David West.
IT News — Bangladeshi police investigating a US$81 million (A$110 million) cyber heist on the country’s central bank have claimed errors made by SWIFT technicians left the financial institution vulnerable to attack.
IT News — Security researchers have uncovered a bug in Google Android devices that could leave potentially millions of smartphone and tablets manufactured over the last five years open to attack. FireEye’s Mandiant security research team discovered the exploit last December but went public with its findings for the first time today.
The Inquirer — The Security Intelligence Report (SIR. ) is out now and shows that threats are not going away, but also that when they come, Microsoft is usually in a place to deal with themTim Rains, director of security at Microsoft, said that this 20th issuance adds new features, these being a focus on a new attack group called PLATINUM which is posing a problem, and a new section dedicated to tackling password protection in the cloud.
MIS Asia — Leaders must go beyond managing cybersecurity resources, and actively sharing knowledge, expertise, and best practices to collectively build their defences. A new whitepaper by LogRhythm indicates Singapore to be a prime target for cybercrime due to its strategic position as a regional trade and banking hub.
IT News — A security researcher has earned a top bug bounty from Facebook after discovering vulnerabilities and a backdoor on a server operated by the social network that led to hundreds of staff passwords being captured by an unknown hacker. Orange Tsai, of Taiwanese security vendor Devco.re, scanned Facebook’s IP address space and found a domain name that piqued his interest.
IT News — Security researchers have uncovered new insights into how attackers were able to compromise the SWIFT software platform used by the Bangladesh central bank to steal US$81 million (A$107 million). SWIFT, a cooperative owned by 3000 financial institutions, confirmed it was aware of malware targeting its client software.
Enterprise Innovation — India has become the third most favourite destination for financial Trojan infections globally. Global software company Symantec’s Internet Security Threat Report suggests that Indian enterprises were the sixth most targeted globally by cyber-criminals, with victim firms often being subjected to at least two attacks.
Rappler — MANILA, Philippines – The Philippine government seems to be a favorite target of hacking, given the number of defaced websites in recent years. Following in the footsteps of so-called hacktivists, some have resorted to breaching systems to voice their concerns to government.
Asia One — Banks in Singapore are increasingly being targeted by cybercriminals, experts said, given the growing sophistication of the dark web that has developed into a bustling marketplace for malware, complete with money-back guarantees. While other financial centres – and certainly non-financial corporations – are also at risk, Singapore stands out as a significant number of banking customers read Chinese.
ZDNet — The incidence of ATM, credit, debit card and net banking-related fraud has gone up by more than 35 percent between 2012-13 and 2015-16 in India, according to country’s federal bank Reserve Bank of India (RBI). According to RBI data, 8,765 cases were reported by banks in 2012-13 and the corresponding figures for subsequent three years were 9,500 (2013-14), 13,083 (2014-15) and 11,997 (in the first nine months of 2015-16) respectively. India ranked third after Japan and the US as countries most affected by online banking malware in 2014.
Enterprise Innovation — The Philippines’ 55 million voters are now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Commission on Elections (Comelec) last month, security firm Trend Micro has warned. The defacement of the Comelec website by a hacker group called Anonymous Philippines happened at near midnight on March 27.
Times of India — MUMBAI: Most top executives at Indian companies have no strategy to react to a cyberattack, cyberwar games held earlier this year by consultancy firm EY showed. EY ran a cyberattack simulation for 79 CEOs sitting in one room and they struggled to come to a consensus on whom to call first if their firm was hacked.
The Diplomat — Cyber is a relatively new realm of security that states across the world have to contend with. From deciding what constitutes an “attack” to what constitutes a “proportionate response,” many states are still struggling to understand this new sphere. Such issues require international cooperation to establish new norms, and in a parallel effort, states are doing as much as they can unilaterally to defend themselves. However, Japan, in particular, is still lagging.
Channel News Asia — ISTANBUL: Turkey’s authorities launched a probe Wednesday into a leak of the personal data of some 50 million Turkish citizens, the latest breach to expose weaknesses in the country’s information security. The massive database – containing Turks’ names, identity numbers and addresses – was posted online by hackers earlier this week along with sharp jabs at the country’s leadership.
MBAI: Reserve Bank Governor Raghuram Rajan today said the country has taken enough preventive measures following a recent $951-million cyber heist scandal involving the Bangladesh central bank. “What happened in Bangladesh is certainly a source of concern for all of us, and we have taken some measures and are continuing to understand better what actually happened so that we can further our measures,” Rajan told reporters.
IT News — Google’s April collection of security updates for its Android mobile operating system takes care of no fewer than 15 vulnerabilities rated as critical, the company said. As with past security alerts, the mediaserver component of Android has emerged as one of the most vulnerable.
Vietnam Net — The event aims to set up security measures, ensure information security for e-Government, propose measures to protect enterprises’ databases and curb data leaks. Thinh attributed the increasing number of attacks to serious security loopholes that have not been repaired on most electronic websites and information portals.
ZDNet — The QQ browser from Tencent has been found by Citizen Lab, a research group within the University of Toronto, to be transmitting personally identifiable data with little or no encryption, leaving users open to man-in-the-middle data collection. In its findings, Citizen Lab said that QQ is also vulnerable to arbitrary code execution thanks to an insecure update process.
IT News — Bangladesh’s central bank has hired a lawyer in the US for a potential lawsuit against the New York Federal Reserve after unknown hackers stole US$81 million (A$107 million) from its account. In one of the largest cyber heists in history, the hackers breached the computer systems of Bangladesh Bank (BB) in early February and succeeded in issuing instructions to the New York Fed to transfer US$81 million to accounts in the Philippines.
IT News — Bangladesh has formally sought assistance from the US FBI to track down the cyber crooks who stole US$81 million (A$107 million) from its central bank’s US account. Unknown hackers breached the computer systems of Bangladesh Bank in early February and attempted to steal US$951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements.