IT Security News Blast 1-5-2017

‘Security Operations Center’ Approach Is Fail-Safe Against Cyberattacks, CEO Says

With cyberattacks expected to be on the rise in 2017, a key line of defense will take the form of “security operations centers,” or SOCs. And with SMBs expected to be targeted more aggressively by the bad guys, making the SOC approach affordable is going to be essential. […] The biggest challenge in the security world right now is getting people with expertise, and mid-size organizations find it problematic to both hire and keep people with the right expertise.

http://www.itbusinessedge.com/blogs/from-under-the-rug/security-operations-center-approach-is-fail-safe-against-cyberattacks-ceo-says.html

IoT in 2017: Why usage is going to grow, despite the security risks

“When it comes to IoT adoption, pragmatism rules,” said Laura DiDio, research director at 451 Research and lead author of the study. “Enterprises currently use IoT for practical technology purposes that have an immediate and tangible impact on daily operational business efficiencies, economies of scale and increasing the revenue stream.” However, the security of IoT devices remains very much a concern, with half of respondents revealing that cybersecurity is the top impediment to IoT deployments within the enterprise.

http://www.zdnet.com/article/iot-in-2017-why-usage-is-going-to-grow-despite-the-security-risks/

A visual map of emerging cybersecurity trends

Affinio extracts insights from web, mobile, and social media data. The company’s algorithm grabs snapshots of naturally-forming user clumps and communities, then visualizes how each group is connected. For example, unsurprisingly, health care experts tend to communicate online with other health care experts. Affinio analysis shows that health care experts also communicate with information experts, tech news consumers, and digital marketers.

http://www.techrepublic.com/article/a-visual-map-of-emerging-cybersecurity-trends/

Hackers could turn your smart meter into a bomb and blow your family to smithereens – new claim

Smart meters can communicate with networked devices inside homes, such as air conditioners, fridges, and the like. A hacker who could infiltrate the internet-connected meters could control those gadgets and appliances and potentially unlock doors. They could also manipulate the meter’s code to cause fires, something that’s trivially easy using mains supplies, Rubin claimed. You’d be forgiven for thinking fuses would prevent a blaze, although the researcher is convinced the hardware can be tricked into exploding.

http://www.theregister.co.uk/2017/01/04/smart_metres_ccc/?mt=1483571399263

NIST finalizes cyberattack recovery guidance

“Organizations used to focus their information security efforts on cyber event protection, but adversaries have modified their attack techniques to make protection much more difficult, including taking advantage of weaknesses in processes and people as well as technologies,” the publication says. “The number of cyber events continues to increase sharply every year leading to a widespread recognition that some cyber events cannot be stopped.”

https://gcn.com/articles/2017/01/03/nist-attack-recovery-guide.aspx

Ransomware Campaign Targets HR Departments

The campaign, Check Point researchers reveal, targets German speakers and features a cover letter in a non-malicious PDF as attachment, meant to trick the potential victim into believing that the email might be legitimate. However, there is a second attachment that features malicious intent: a macro-enabled Excel file. The victim is lured into enabling the macro and, as soon as that happens, the code inside the macro initiates the file-encryption process, ultimately denying the user access to their files.

http://www.securityweek.com/ransomware-campaign-targets-hr-departments

The FTC’s Internet of Things (IoT) Challenge

One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

https://krebsonsecurity.com/2017/01/the-ftcs-internet-of-things-iot-challenge/

Cybersecurity Stocks for 2017

Investors were drawn to cybersecurity stocks in 2016 in light of headline-making data breaches and a heightened demand for cloud and Internet of Things (IoT) protection. But at the same time, many cybersecurity stocks suffered from increasing competition, slowing sales growth and low profitability as they evolved to meet the demands of a disrupted sector. While various stocks are set to benefit from a sustained and continuing demand for cybersecurity solutions, analysts, on average, see industry pioneers Symantec Corp. (SYMC) and Palo Alto Networks Inc. (PANW) as positioned to maintain their competitive edge into the new year.

http://www.investopedia.com/news/cybersecurity-stocks-2017/

Costin Raiu on the Importance of Using YARA [Podcast]

Ryan Naraine talks with Costin Raiu, the Global Director of GReAT at Kaspersky Lab, about the benefits of taking the YARA training class available at SAS 2017. Listen to learn about how YARA can be used in malware hunting, data analysis and incident response activities.

https://threatpost.com/costin-raiu-on-the-importance-of-using-yara/122847/

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm

The Android Mediaserver component has been patched nearly three dozen times since the Stagefright vulnerability was discovered in August of 2015. Along with the Mediaserver RCE vulnerability, Google identified several other flaws within the Mediaserver component such as a denial of service vulnerability (CVE-2017-0390) and an elevation of privilege vulnerability (CVE-2017-0387) – both classified as high risk.

https://threatpost.com/google-patches-29-critical-android-vulnerabilities-including-holes-in-mediaserver-qualcomm/122852/

Why you should re-engineer your approach to Identity and Access Management

IAM was historically driven by compliance and user provisioning. It had a very limited scope of coverage in terms of applications, a low return on investment and provided very restricted controls and views of access. This has evolved to become far more driven by risk and user entitlement. Application coverage has also increased greatly and the visibility is far superior today than it ever has been. IAM is changing and moving towards a capability and business enablement driven requirement, with further progression of application and technology support.

http://www.itproportal.com/features/why-you-should-re-engineer-your-approach-to-identity-and-access-management/

‘Anti-drone’ burqa designer unveils camouflage clothing project to dupe facial recognition (VIDEO)

Adam Harvey, in collaboration with New York studio Hyphen Labs, has put forward a way to throw off facial recognition with specially designed clothing and textiles. The project, dubbed Hyperface, has been described as a “new kind of camouflage” to reduce the confidence score of facial detection. Basically, Hyperface operates in an ‘I’m Spartacus’ way, in that instead of concealing your face, it overloads facial recognition programmes with multiple false faces through patterns printed on clothing.

https://www.rt.com/viral/372683-hyperface-burqa-facial-recognition/

This might be the solution that changes smartphones forever

We already have phones that can be unlocked with either a fingerprint or a face or iris scan, but Synaptics came up with an all-in-one system that makes use of both these technologies for an extra layer of security. The company already announced it has a solution to embed a fingerprint sensor into a smartphone display — a feature that will be seen in at least one new smartphone this year — and the new announcement reveals the company is looking to take personal data security to a whole new level.

https://www.yahoo.com/tech/might-solution-changes-smartphones-forever-155456471.html

Google Researcher Finds Certificate Flaws in Kaspersky Products

“The cache is a binary tree, and as new leaf certificates and keys are generated, they’re inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using it to relay data to the user-agent,” the expert added. The problem, according to the researcher, was that the 32-bit key was not enough to prevent a man-in-the-middle (MitM) attacker from creating collisions. The expert said an attacker could have intercepted all traffic to a certain domain (e.g. mail.google.com) by sending the targeted Kaspersky Antivirus user two certificates with the same key.

http://www.securityweek.com/google-researcher-finds-certificate-flaws-kaspersky-products

Cybersecurity Expert Is Convinced Russia Was Behind DNC Hacking

Donald Trump has said the source of the Democratic Party hack is hard to prove. Cybersecurity expert Matt Tait was initially skeptical, but tells David Greene he is sure now the culprit was Russia.

http://www.npr.org/2017/01/04/508151142/cybersecurity-expert-is-convinced-russia-was-behind-dnc-hacking

Trump claims his briefing on Russian cyberattacks was delayed, but US intelligence officer says otherwise

“The ‘Intelligence’ briefing on so-called ‘Russian hacking’ was delayed until Friday, perhaps more time needed to build a case. Very strange!” Trump said on Twitter. A senior US intelligence official immediately countered Trump’s claim, however, NBC News reported, saying the briefing with the heads of the NSA, the CIA, the DNI, and the FBI was “always” scheduled for Friday.

http://www.businessinsider.com/trump-mocks-intelligence-officials-russian-cyberattack-2017-1

Law firms subject to same cyber risk as others, but is compliance required?

Somehow law firms have escaped being subject to the same legal compliance mandates that many other businesses must adhere to. The American Bar Association has certainly visited this issue and stated the following in 2013. Many firms are now asking, “What do we do to keep our systems and data safe? How can we keep this from happening to us?” There is a simple answer to this question: Hire a chief information security officer, give him or her a budget to hire the staff needed to build and maintain an enterprise security program (ESP), and exercise appropriate governance over the firm’s digital assets.

http://www.csoonline.com/article/3154094/internet/law-firms-subject-to-same-cyber-risk-as-others-but-is-compliance-required.html

Here’s How DoD Aims to Grow its Own Hackers

Finding hackers in uniform is like finding a needle in a haystack. To find them, the Air Force starts with a challenging assessment test that weeds out 99 percent of test takers. “The smartest people I know take this assessment and don’t pass,” Weiner told a packed room full of cyber and training professionals at the Interservice/Industry Training, Simulation and Education Conference late last month. It follows with rigorous training that weeds out half of the select few who qualify.

https://www.govtechworks.com/heres-how-dod-aims-to-grow-its-own-hackers/#gs.JHfFKoQ

Fed up with their employer’s scam, two Indian call center workers called FTC

Last year’s unraveling of the massive India-based telephone scam ring may have been helped by a phone call to a Federal Trade Commission lawyer. According to a Tuesday report in The New York Times, the bust seemingly was aided by the efforts of two teenage employees from one of the companies. The pair blew the whistle on their former employer, the Phoenix 007 call center that’s based outside of Mumbai. The workers reached Betsy Broder of the FTC after being shuffled from the Internal Revenue Service’s main switchboard.

http://arstechnica.com/tech-policy/2017/01/two-india-based-call-center-employees-blew-whistle-on-massive-phone-scam/

Latest WhatsApp Scam Infects Users with Banking Malware

Hackers are attacking two key organizations in India to compel users to click on the Word documents attached in the malicious WhatsApp message. This message has names of two major organizations of India namely National Defense Academy/NDA and National Investigation Academy/NIA. These files are in Excel format mainly but versions of these files in Word and PDF formats have also been identified. Authorities in India have already issued security alerts to the concerned authorities since it is being speculated that this new campaign attacks law enforcement authorities and military personnel in the majority.

https://www.hackread.com/whatsapp-scam-users-banking-malware/
