Cyber Security News Update 2/9/2018

The crypto currency craze is still going strong, even as they crypto currencies seemingly become more volatile everyday. It would seem no one is immune to the allure of a high value, hard-to-trace good like crypto currencies; two Russian scientists working at a secret Russian nuclear weapons facility attempted to use the super-computer to mine Bitcoin. The computer located at the Federal Nuclear Centre is extremely powerful, it’s reportedly capable of performing 1,000 Trillion calculations a second (for comparison the Intel i7-7700k can perform 27 Million per second). This extremely powerful computer, which is kept in an extremely secret facility (it’s not on any maps, and requires special permission to visit), is air gapped. The scientists decided to connect it to the outside world, which immediately alerted the Federal Security Service (FSB) to what was going on. They were promptly arrested and there is now an ongoing criminal investigation going on. It’s currently unclear on whether or not the computer was actually connected to the outside world or not. If it was connected to the world, even for a few seconds, it should be checked for viruses and other malware. Gaining access to a super-computer inside a nuclear weapons facility is probably the dream of cyber-commandos everywhere. Also of note, this isn’t the first time industrial resources have been turned to crypto currency mining in Russia; two power plants were supposedly bought for the purpose of turning them into crypto currencny miners.
Source: Russian nuclear scientists arrested for ‘Bitcoin mining plot’

Insurance is a personal business. Your medical record, as well as other private information, is kept by your insurance company so they can build a better model. Which is why insurance companies usually take their security seriously, any mistakes can create huge liabilities for the company and its customers. Unfortunately, things don’t always go perfectly; a misconfiguration of a NAS server caused customer data to be visible. This opening allowed anyone to access the social security number, address, phone number, age, sex dates of birth, bank accounts associated with the insurance, and other information easily. It hasn’t been reported whether or not anything was actually stolen, but if your insurance policy is through the Maryland Joint Insurance Association be sure to watch for any suspicious activity.
Source: INSURANCE CUSTOMERS’ PERSONAL DATA EXPOSED DUE TO MISCONFIGURED NAS SERVER

Apple’s iBoot software was leaked and the tech giant is attempting damage control by saying the software is out of date and doesn’t pose a security threat. While the iBoot software is three years out of date, that doesn’t mean it poses no danger. Old software can be used to find weaknesses in new software, especially if there haven’t been any major changes or updates. Letting someone have your old code to play with is more dangerous than that same person with nothing to work with or test. Old software can be compared to new software, their responses measured and compared until a working model of the new software is complete. Apple should ensure that their new iBoot software has none of the security flaws it used to and that the new iBoot is airtight.
Source: APPLE DOWNPLAYS IMPACT OF IBOOT SOURCE CODE LEAK

Max is a Legal Assistant and author residing in the Philadelphia area He has been writing for AskCyberSecurity.com since early 2017.