September 29, SecurityWeek – (International) Syrian Electronic Army member pleads guilty to hacking, extortion. A member of the Syrian Electronic Army (SEA) hacker group pleaded guilty to Federal charges for his role in an extortion scheme where he and another SEA member breached the systems of various organizations in the U.S. and other countries and threatened to damage their computers and data unless a ransom was paid. The FBI is searching for two other suspects involved in the extortion scheme. Source
September 27, SecurityWeek – (International) Apple confirms weakened security in local iOS 10 backups. Apple confirmed an issue affecting the encryption strength for local backups of devices running on operating system (iOS) 10 after ElcomSoft security researchers discovered a bug in iOS 10 that makes local backups more susceptible to brute-force attacks than previous operating systems by allowing for 6,000,000 passwords to be attempted per second, while iOS 9 only allowed for 2,400 passwords to be attempted per second. Apple officials stated a patch for the flaw would be released in an upcoming update. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report
September 29, Dark Reading. Researchers Shoot Down Yahoo Claim Of Nation-State Hack. InfoArmor says the attackers who stole a half-billion Yahoo user accounts were seasoned cybercriminals who later sold the booty to an Eastern European nation-state. The Yahoo data breach saga took a new turn this week as a team of researchers from InfoArmor yesterday published new findings that the massive breach of some 500 million Yahoo customer accounts came at the hands of a cybercrime group, not a nation-state as Yahoo has stated. Source