October 8, Securityweek – (International) New collision attack lowers cost of breaking SHA1. A team of experts from Centrum Wiskunde & Informatica in Europe, Inria in France, and Singapore’s Nanyang Technological University discovered that hackers could execute a “freestart collision” attack to break the full secure hash algorithm 1 (SHA1) cryptographic hash function within 10 days for a cost of $75,000 - $120,000 using graphics cards and computing power from Amazon’s EC2 cloud. Previous research estimated that the cost to break the algorithm would be approximately $700,000 in 2015 and $173,000 in 2018. Source
October 8, Softpedia – (International) Operation Cleaver hackers return, now used LinkedIn to target victims. Security researchers from Dell’s SecureWorks Counter Threat Unit Threat Intelligence team discovered that a group that they observed chemical, energy, government, education, and telecommunications organizations worldwide, appear to be the same or affiliated the group who carried out Operation Cleaver in 2014, which targeted critical infrastructure points worldwide. Source
October 8, IDG News Service – (International) Journalist convicted of helping Anonymous hack the LA Times. A California journalist who previously worked for Reuters was convicted October 7 for his role in a conspiracy to make unauthorized changes to a computer and the transmission of malicious code on the Los Angeles Times’ Web site by passing login credentials enabling access to a content management system to an Anonymous hacking group member in December 2010. Source
October 7, Securityweek – (International) Developers of mysterious Wifatch malware come forward. The group behind the “benevolent” Linux.Wifatch malware that was observed infecting tens of thousands of routers, Internet Protocol (IP) cameras, and other devices with the apparent purpose of protecting them, published the Wifatch source code and revealed themselves as “The White Team,” claiming it was an altruistic project. Source
October 8, CNET – (International) Samsung says customer payment data not affected by hack attack. Samsung released a statement October 8 reassuring customers that no payment data was at risk following a March hacking incident involving LoopPay, a company that Samsung acquired to set up Samsung Pay. The attack reportedly only targeted LoopPay’s office network handling email, file sharing, and printing, and was possibly intended to steal the magnetic strip technology that the company developed. Source