ICYMI: €50 m cyber-fraud; Codoso back; MS/US gov clash; Adultery extortionists; Apple's encryption key
The latest In Case You Missed It (ICYMI) looks at €50 m aeroplane cyber-fraud; Chinese cyber-espionage returns; MS resists US claim on data; Extortion of Ashley Maddison members; Apple iCloud Backup insecure.
Cyber-fraud - whale-phishing blamed
Facc AG, an Austrian manufacturer of aeroplane parts, has admitted in its third quarter financial report that cyber-criminals targeted the firm's accounting department and managed to defraud it of €50 million (£38 million). It is suspected that senior staff may have been victims of 'whale-phishing'. More
Palo Alto Networks reporting Chinese cyber-espionage group Codoso - which carried out the attack on Forbes.com - is back in action after going silent for three months. Test results looking into unknown malware and attack campaigns indicate Codoso's sophisticated tactics and tools: the group has been linked to leveraging zero-day exploits in combination with watering hole and spear-phishing attacks. More
Following Microsoft's December 2013 refusal to hand over emails held on a server in Ireland, demanded by the US Federal government, repeated in April 2014, when a federal judge ordered Microsoft to provide the records, Microsoft was found in contempt of court. The case now sits in a US appeals court, awaiting a decision by a more senior judge. Microsoft says that the US has no power to ask for that data, as it is held in another country and well outside of its jurisdiction. More
Since the Ashley Madison breach, some US users of the infidelity service have received blackmail letters via the US postal system from extortionists threatening to reveal their secret to family, friends and colleagues. In an extortion letter forwarded to security writer Graham Cluley, the unknown extortionist asked for US$ 2,000 (£1,400) worth of Bitcoin, giving 10 days to pay. More
If an Apple device user enables iCloud Backup on their Apple device, copies of all messages, photographs and data including iMessages are encrypted on iCloud using a key controlled by Apple and not the user. This allows Apple - and anyone who breaks into their account - to see all personal and confidential data. Apple allows users to switch off iCloud Backup whenever they want, but it doesn't offer a way to locally encrypt iCloud backups. More