September 22, 2017
China's Central Bank Tells Banks to Stop Doing Business with North Korea – China and North Korea
China’s central bank has told banks to strictly implement United Nations sanctions against North Korea, four sources told Reuters, amid U.S. concerns that Beijing has not been tough enough over Pyongyang’s repeated nuclear tests. Tensions between the United States and North Korea have ratcheted up after the sixth and most powerful nuclear test conducted by Pyongyang on Sept. 3 prompted the United Nations Security Council to impose further sanctions last week. Chinese banks have come under scrutiny for their role as a conduit for funds flowing to and from China’s increasingly isolated neighbor. The sources said banks were told to stop providing financial services to new North Korean customers and to wind down loans with existing customers, following tighter sanctions against Pyongyang by the United Nations.
The U.S. Securities and Exchange Commission Reveals EDGAR Database Was Hacked – United States
Following months of public revelations about security breaches big and small, the U.S. Securities and Exchange Commission (SEC) announced that hackers had previously breached its own cache of files on publicly traded companies, possibly leading to their illegal profit. Late Wednesday, SEC Chairman Jay Clayton released an eight-page statement on cybersecurity that describes a 2016 system breach of EDGAR, a platform which pools detailed financial reports on publicly traded companies that they're required by law to release. According to Clayton, the company didn't discover until last month that the breach could have provided the information needed to make illegal trades. He said the hack resulted from a "software vulnerability" in the system's test-filing component that "[was] exploited and resulted in access to nonpublic information.” Clayton also commented, “Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems.”
Malware Uses Security Cameras with Infrared Capabilities to Steal Data – Global
Proof-of-concept malware created by a team of Israeli researchers uses the infrared capabilities of modern security cameras as a channel for data exfiltration, but also to receive new commands from its operators. Named aIR-Jumper, the malware is meant to be installed on computers that interact with security surveillance cameras/software, or on a computer in the same network with the camera, so the attacker can have a way to hack his way into the device. The malware works by taking data collected from an infected computer, breaking it down into binary ones and zeros, and leveraging the camera's API make the device's infrared LEDs blink, using this mechanism as a way to exfiltrate data from an infected network. An attacker sitting in the range of the security camera's infrared LED will be able to record the blinking and use special software that reconstructs the blinks and pauses into the ones and zeros of the stolen data. Similarly, an attacker can use an infrared LED to send new commands to a security camera inside an infected network. The malware can watch the camera's video feed, detect infrared LED transmissions at preset time intervals, and convert the incoming blinks into new commands it has to execute. Surveillance and security cameras are equipped with infrared LEDs as a way to enable night vision. Because infrared light is imperceptible to the human eye, any communications to and from the compromised network are invisible to all bystanders.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!