Security Central: Hackers Triumph and Falter (But Mostly Triumph)

By Chris

It seems more social networking sites have sprung data leaks.

On Monday, the BBC reported that hundreds of millions of MySpace and Tumblr accounts – stolen in separate breaches in 2013 – have been put up for sale. A whopping 360.2 million MySpace credentials (email addresses and passwords) and at least 65 million Tumblr IDs have been compromised. According to the report, a bulk of stolen IDs from Fling, an adult dating website, has also been released. The timing of these leaks seems suspicious, although experts have yet to confirm whether or not the events are in fact related. 

Additionally, a zero-day vulnerability targeting various Microsoft Windows OS iterations (Windows 2000 to Windows 10) is up for sale on an underground Russian forum for $90,000. In Tuesday's blog post, Trustwave security experts relayed the discovery of the exploit, known as a Local Privilege Escalation (LPE) vulnerability. The blog warns readers that zero days are no longer exclusively sold "in the shadows" but are also popping up in open forums.

Cyber criminals seem to be growing in confidence with every month, though not all are getting away with it. This week, Russian authorities reported that a group of 50 hackers responsible for a series of cyber attacks on various banks have been arrested. According to Reuters, at least $25.33 million was stolen from Russian financial institutions through malware attacks. A criminal case has been opened against the arrested individuals with charges of organized crime and computer fraud. According to the report, the Russian interior ministry disclosed that 18 cyber attacks on financial lenders have been registered since mid 2015, resulting in combined losses of nearly $45 million.

It's safe to say that the global financial industry is experiencing a relentless onslaught of cyber attacks. In May, global financial messaging network SWIFT made headlines again with continued cyber breaches. The network is still facing scrutiny after an attack in February resulted in the loss of $81 million from a Bangladeshi central bank. The U.S. central bank, too, is faced with troubling statistics of cyber attacks. According to a Reuters report released this week, the Federal Reserve identified more than 50 cyber breaches between 2011 and 2015 alone.

As the financial industry continues to combat cyber threats, technology vendors are working overtime to fortify security from the get-go. On the mobile front, we saw a particularly interesting product emerge this week.

On Tuesday, startup Sirin Labs unveiled what it claims to be a first-of-its-kind Android smart phone. The phone, dubbed Solarin, is designed for the "international business person who carries a lot of sensitive information but doesn't want to compromise on usability, quality or design." As such, it comes with state-of-the-art protection against mobile attacks and military-grade encryption from Zimperium and KoolSpan, respectively.

According to Sirin Labs, the phone underwent more than two years of R&D to reach a perfect combination of security and performance. But be aware that this type of security doesn't come cheap. In fact, the Solarin will set you back a whopping $14,000 (taxes not included).