Security

Hackers behind the Bangladesh bank heist created malware to compromise the SWIFT financial system. Security researchers said the malware allowed attackers to modify a database logging the bank’s activity over the SWIFT network, to delete records of outgoing transfer orders and to intercept incoming transfer confirmation messages, and to manipulate both account balance logs and a printer used to make hard copies of the transfer orders.

A security researcher looking for flaws in Facebook's internal network has found traces of another intruder who got into the system first.

The hacker, or hackers, had access to Facebook's internal system for several months, giving them access to hundreds of employee usernames and passwords, explained researcher Orange Tsai in a blog post published last week.

Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that's used in many products.

While your brain on drugs may be analogous to a fried egg, your brain on Instagram may be like a super-secure form of identification, researchers report in a new study. Fingerprints are so twentieth century. The authors envision future security systems that authenticate or grant access by monitoring a user’s brain while looking at random pictures, such as snapshots of Anne Hathaway or a slice of pizza.

The Australian government is watching and has the means to launch a cyber attack.

On Thursday, Prime Minister Malcolm Turnbull introduced a massive A$230 million cash injection to arm the country for cyber security issues and deal with online threats it is facing, including cyber war and internal whistleblowers.

Vectra Networks has today announced the results of its latest Post-Intrusion Report (attached), a real-world study about threat behaviour that evade perimeter defences. It has shown that cyber attackers are getting quieter once inside the network, with use of covert attack communications on the rise.

The report analysed data from 120 Vectra customer networks comprised of more than 1.3 million hosts over January to March this year. All organisations showed signs of targeted attacks including internal reconnaissance, lateral movement or data exfiltration.

The malicious hackers developing exploit kits, designed to help online criminals break into computers systems and spread malware, are keener on exploiting Adobe Flash than any other software.

That’s one of the findings of NTT Group’s newly-published “Global Threat Intelligence Report”, which has noted a marked switch in recent years as hackers have switched from exploiting Java vulnerabilities to targeting Adobe Flash Player instead.

A group of Melbourne lock-pickers have forged a creative method for popping so-called restricted locks by 3D printing keys found on freely-available designs on patent sites.

The feat demonstrated at the BSides Canberra security conference last week is a combination of opportunistic ingenuity and lock-picking mastery, and will be warmly-received by red team penetration testers and criminals alike.

MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) claim they have trained a machine-learning system to detect 85 per cent of network attacks.

To reach that level, the software, dubbed AI2 [PDF], parsed billions of lines of log files, looking for behaviors that indicate either a malware infection or a human hacker trying to get into a network. If it spotted any suspicious connections or activity, it alerted a human analyst, who identified whether the software got it right or wrong.

The hacker who claims responsibility for the flaying of Italian spyware-for-States firm Hacking Team says the vulnerability they used is yet to be patched and has detailed the process by which they claimed to have gained access to the huge trove of data and documents later dumped online.

The details are contained in a post broadcast from their known (Twitter account) but the veracity of the claims cannot be verified.

Hacking Team has been contacted for comment.