April 3, Help Net Security – (International) Mozilla revokes trust for CNNIC certificates. A spokesperson at Mozilla announced that the company will no longer allow its products to recognize digital certificates issued by the China Internet Network Information Center (CNNIC), following an incident during the week of March 23 in which an intermediate certificate authority (CA) operating under CNNIC issued a number of unauthorized digital certificates for Google domains. The company will ask CNNIC to provide a list of current valid certificates to make public. Source
April 2, Securityweek – (International) DoS vulnerabilities patched in Cisco Unity Connection. Cisco patched several vulnerabilities in its Unity Connection in which attackers could have caused denial-of-service (DoS) conditions on systems configured with Session Initiation Protocol (SIP) trunk integration by exploiting flaws in the Connection Conversation Manager (CuCsMgr), a flaw in the handling of abnormally terminated SIP conversations, and a resource allocation flaw that can allow attackers to block all SIP connection lines. Source
April 2, Reuters – (International) IBM uncovers new, sophisticated bank transfer cyber scam. Security researchers at IBM discovered a sophisticated fraud scheme dubbed “The Dyre Wolf” in which cybercriminals infect users’ systems with the Dyrmalware to trick individuals into initiating large wire transfers with criminals posing as bank employees over the phone, before moving the funds from bank to bank and using denial-of-service (DoS) attacks to avoid detection. The scheme has caused losses of over $1 million from multiple large- and medium-sized companies in the U.S. Source
April 1, U.S. Department of Justice – (International) Fourth member of international computer hacking ring pleads guilty to hacking and intellectual property theft conspiracy. An Indiana man pleaded guilty to charges surrounding his role in an international hacking ring that gained unauthorized access to computer networks of companies including Microsoft Corp., Epic Games Inc., Valve Corporation and ZomStudios, and stole unreleased software, source code, trade secrets, copyrighted works and financial and other sensitive information. The hacker admitted to transmitting approximately 11,266 log-in credentials from one company, and total losses from the scheme were estimated to range from $100 – $200 million. Source