Underground market selling details of compromised servers in 173 countries

APACZDNet — An underground marketplace has been found to be selling information of more than 70,600 compromised servers in both government and private networks, located across 173 countries including Singapore, China, Malaysia, and Australia. Available for sale from US$6 each, access to these servers was being hawked at a cyber black market called xDedic, which appeared to be operated by a Russian-speaking group, according to Kaspersky Lab.


Regulators to Tighten Cyberdefenses as Attacks in Asia Increase

Hong KongWSJ — HONG KONG—When the names and birth dates of more than 11 million children and adults were leaked from its online learning database last November, toy maker VTech Holdings Ltd didn’t discover the breach until a reporter emailed the company nine days later. Company executives said VTech took four more days after being notified before it asked users to change their passwords—and another 16 days before it issued a public statement about the breach.


SWIFT CEO warns: Expect more hacking attacks #cloud #asia #security #hacking #swift

APACTimes of India — The CEO of SWIFT , the interbank messaging system embroiled in a global bank-hacking controversy, says to expect more information about breaches to emerge as fully armouring the network’s defenses is likely to take years. “We don’t think this is going to be solved overnight, so we’ll be looking for a number of quick wins to improve things in the near term,” Gottfried Leibbrandt, SWIFT’s CEO, said on Wednesday.


Facebook flaw lets attackers into Messenger chats

APACIT News — A vulnerability in Facebook’s Messenger application allowed attackers to adopt a man-in-the-middle position to manipulate the conversation thread in secret, security firm Check Point has revealed. The firm today disclosed details of the flaw after it reported the hole to Facebook earlier this month. Facebook has patched the vulnerability.


Singapore can’t be a Smart Nation if systems are vulnerable: CSA chief

SingaporeChannel News Asia — SINGAPORE: From 2015 till today, there have been 16 waves of targeted cyberattacks surfaced to the Cyber Security Agency (CSA), and this is one of the reasons why the Government has decided to separate Internet access for the work computers of public officers. These 16 attacks had escaped detection of perimeter defences such as firewalls and antivirus software, but were stopped and did no damage.


Pakistan, Indonesia and Bangladesh most vulnerable to malware in Asia – Microsoft

APACAsian Correspondent — MICROSOFT has released a list of Asia-Pacific countries that were most vulnerable to malware. The Malware Infection Index 2016 highlights threats undermining cybersecurity in the region. “Out of the top five locations across the globe most at risk of infection, a total of four are from the Asia Pacific — Pakistan, Indonesia, Bangladesh and Nepal,” Microsoft said on its website.

Pakistan, Indonesia and Bangladesh most vulnerable to malware in Asia – Microsoft

The Hidden Vulnerabilities in Chinese Information Technology

ChinaForeign Affairs — Three years ago, Edward Snowden, a CIA employee, leaked documents revealing the U.S. government’s extensive surveillance of foreign and domestic phone calls. On the anniversary of that explosive disclosure, media outlets are no doubt preparing to revisit questions about data privacy and civil liberties.


Symantec Says SWIFT Malware Is Linked to Cyber Attack in the Philippines

PhilippinesFortune — The malware that was used to steal $81 million from Bangladesh’s central bank has been linked to another cyber attack, this time on a bank in the Philippines, cyber security company Symantec said in a blog post on Thursday. The company said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in South-East Asia.

Symantec Says SWIFT Malware Is Linked to Cyber Attack in the Philippines

ECB to set up cyber attack warning system for banks

BangladeshChannel News Asia — FRANKFURT: The European Central Bank will set up a database to register incidents of cyber crime at commercial banks, aiming to create an early warning and analysis system for big lenders, it told a German newspaper on Thursday. Attackers earlier this year stole US$81 million from a Bangladesh central bank account at the New York Fed in one of the biggest-ever cyber heists, heightening global concerns over cyber security.


Crisis Management | Cyber Attack A Top Threat To Businesses, Study Shows, from Macau

MacaoMacau Daily Times — The Business Continuity Institute’s (BCI) Horizon Scan report was presented yesterday at the Asia Emergency Management Conference 2016 (AEMC), revealing that cyber attacks were the number one threat to businesses across the globe. Horizon Scan, an annual research report, is a tool used by those working in the fields of business continuity and risk or resilience, according to BCI’s community engagement manager David West.

Crisis management | Cyber attack a top threat to businesses, study shows

SWIFT technicians blamed for Bangladesh bank vulnerabilities

BangladeshIT News — Bangladeshi police investigating a US$81 million (A$110 million) cyber heist on the country’s central bank have claimed errors made by SWIFT technicians left the financial institution vulnerable to attack.


Android security bug threatens millions of devices

APACIT News — Security researchers have uncovered a bug in Google Android devices that could leave potentially millions of smartphone and tablets manufactured over the last five years open to attack. FireEye’s Mandiant security research team discovered the exploit last December but went public with its findings for the first time today.


Microsoft’s latest security report finds that vulnerbility disclosures are on the up

APACThe Inquirer — The Security Intelligence Report (SIR. ) is out now and shows that threats are not going away, but also that when they come, Microsoft is usually in a place to deal with themTim Rains, director of security at Microsoft, said that this 20th issuance adds new features, these being a focus on a new attack group called PLATINUM which is posing a problem, and a new section dedicated to tackling password protection in the cloud.

Shared knowledge can mitigate Singapore cyberthreats

SingaporeMIS Asia  — Leaders must go beyond managing cybersecurity resources, and actively sharing knowledge, expertise, and best practices to collectively build their defences. A new whitepaper by LogRhythm indicates Singapore to be a prime target for cybercrime due to its strategic position as a regional trade and banking hub.


Researcher finds backdoor on Facebook server

APACIT News — A security researcher has earned a top bug bounty from Facebook after discovering vulnerabilities and a backdoor on a server operated by the social network that led to hundreds of staff passwords being captured by an unknown hacker. Orange Tsai, of Taiwanese security vendor Devco.re, scanned Facebook’s IP address space and found a domain name that piqued his interest.


Researchers trace hackers’ way in to Bangladesh Bank

BangladeshIT News — Security researchers have uncovered new insights into how attackers were able to compromise the SWIFT software platform used by the Bangladesh central bank to steal US$81 million (A$107 million). SWIFT, a cooperative owned by 3000 financial institutions, confirmed it was aware of malware targeting its client software.


India becomes hot spot for cyber-criminals: Symantec Report

IndiaEnterprise Innovation — India has become the third most favourite destination for financial Trojan infections globally. Global software company Symantec’s Internet Security Threat Report suggests that Indian enterprises were the sixth most targeted globally by cyber-criminals, with victim firms often being subjected to at least two attacks.


The state of cybersecurity in the Philippines

PhilippinesRappler — MANILA, Philippines – The Philippine government seems to be a favorite target of hacking, given the number of defaced websites in recent years. Following in the footsteps of so-called hacktivists, some have resorted to breaching systems to voice their concerns to government.


Cybercriminals zeroing in on Singapore banks

SingaporeAsia One — Banks in Singapore are increasingly being targeted by cybercriminals, experts said, given the growing sophistication of the dark web that has developed into a bustling marketplace for malware, complete with money-back guarantees. While other financial centres – and certainly non-financial corporations – are also at risk, Singapore stands out as a significant number of banking customers read Chinese.


Online banking and plastic card-related fraud in India increases 35 percent

IndiaZDNet — The incidence of ATM, credit, debit card and net banking-related fraud has gone up by more than 35 percent between 2012-13 and 2015-16 in India, according to country’s federal bank Reserve Bank of India (RBI). According to RBI data, 8,765 cases were reported by banks in 2012-13 and the corresponding figures for subsequent three years were 9,500 (2013-14), 13,083 (2014-15) and 11,997 (in the first nine months of 2015-16) respectively. India ranked third after Japan and the US as countries most affected by online banking malware in 2014.


Massive data breach exposes 55 million Philippine voters to risks

PhilippinesEnterprise Innovation — The Philippines’ 55 million voters are now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Commission on Elections (Comelec) last month, security firm Trend Micro has warned. The defacement of the Comelec website by a hacker group called Anonymous Philippines happened at near midnight on March 27.


No cyber attack response strategy at most Indian companies

IndiaTimes of India — MUMBAI: Most top executives at Indian companies have no strategy to react to a cyberattack, cyberwar games held earlier this year by consultancy firm EY showed. EY ran a cyberattack simulation for 79 CEOs sitting in one room and they struggled to come to a consensus on whom to call first if their firm was hacked.


Japan’s Achilles Heel: Cybersecurity

JapanThe Diplomat — Cyber is a relatively new realm of security that states across the world have to contend with. From deciding what constitutes an “attack” to what constitutes a “proportionate response,” many states are still struggling to understand this new sphere. Such issues require international cooperation to establish new norms, and in a parallel effort, states are doing as much as they can unilaterally to defend themselves. However, Japan, in particular, is still lagging.


Turkey to probe massive ‘personal data leak’

APACChannel News Asia — ISTANBUL: Turkey’s authorities launched a probe Wednesday into a leak of the personal data of some 50 million Turkish citizens, the latest breach to expose weaknesses in the country’s information security. The massive database – containing Turks’ names, identity numbers and addresses – was posted online by hackers earlier this week along with sharp jabs at the country’s leadership.


RBI beefs up cyber security, post Bangladesh bank heist, from IN

IndiaMBAI: Reserve Bank Governor Raghuram Rajan today said the country has taken enough preventive measures following a recent $951-million cyber heist scandal involving the Bangladesh central bank. “What happened in Bangladesh is certainly a source of concern for all of us, and we have taken some measures and are continuing to understand better what actually happened so that we can further our measures,” Rajan told reporters.


Google plugs 15 critical security holes in Android update

APACIT News — Google’s April collection of security updates for its Android mobile operating system takes care of no fewer than 15 vulnerabilities rated as critical, the company said. As with past security alerts, the mediaserver component of Android has emerged as one of the most vulnerable.


VN network security at high risk: experts

VietnamVietnam Net — The event aims to set up security measures, ensure information security for e-Government, propose measures to protect enterprises’ databases and curb data leaks. Thinh attributed the increasing number of attacks to serious security loopholes that have not been repaired on most electronic websites and information portals.


Citizen Lab adds Tencent QQ to browser hall of shame

ChinaZDNet — The QQ browser from Tencent has been found by Citizen Lab, a research group within the University of Toronto, to be transmitting personally identifiable data with little or no encryption, leaving users open to man-in-the-middle data collection. In its findings, Citizen Lab said that QQ is also vulnerable to arbitrary code execution thanks to an insecure update process.


Bangladesh central bank considers suing NY Fed over $107m hack

BangladeshIT News — Bangladesh’s central bank has hired a lawyer in the US for a potential lawsuit against the New York Federal Reserve after unknown hackers stole US$81 million (A$107 million) from its account.  In one of the largest cyber heists in history, the hackers breached the computer systems of Bangladesh Bank (BB) in early February and succeeded in issuing instructions to the New York Fed to transfer US$81 million to accounts in the Philippines.


Bangladesh asks FBI for help investigating central bank heist

BangladeshIT News — Bangladesh has formally sought assistance from the US FBI to track down the cyber crooks who stole US$81 million (A$107 million) from its central bank’s US account. Unknown hackers breached the computer systems of Bangladesh Bank in early February and attempted to steal US$951 million from its account at the Federal Reserve Bank of New York, which it uses for international settlements.