IT Security News Blast 3-16-2017

Becky Bace’s passing hits cybersecurity community hard

Julian Waits, president and CEO of SAIFE, called Bace “both a maverick and a catalyst for women in cybersecurity” in a Tuesday tweet, joining many of her friends and colleagues who remembered her for her expertise, sense of humor and famed “Curmudgeon Dinner.” Widely respected as a security technology expert, author and entrepreneur, Bace was a venture consultant for Trident Capital and a long-time chief strategist of the Center for Forensics, Information Technology and Security – an organization designed to promote the advancement of knowledge related to the study and application of digital forensics and information technology security and assurance that is supported in part by the School of Computing of the University of South Alabama.

https://www.scmagazine.com/becky-baces-passing-hits-cybersecurity-community-hard/article/644432/

Biennial Women in Cybersecurity Report Reveals that Female Representation in Industry Remains Stagnant

“It’s disappointing to see that the number of women in the cybersecurity workforce continues to remain low,” said David Shearer, CEO, the Center for Cyber Safety and Education and (ISC)²®. “We must encourage young women; help them to see that information security is a challenging, lucrative and exciting career field. We must also promote women into leadership positions, and pay them at levels that are equal to their male counterparts. There is a large shortage of skilled cyber professionals, and women are a valuable resource that can help to bridge that gap.”

http://www.prnewswire.com/news-releases/biennial-women-in-cybersecurity-report-reveals-that-female-representation-in-industry-remains-stagnant-300423725.html

City Of Tacoma To Pay $50,000 To Privacy Activist For Over-Redacting FBI’s Stingray Non-Disclosure Agreement

The lawsuit was filed under the state’s open records law, with Mocek challenging the Tacoma PD’s use of the “investigative records” exemption to withhold significant amounts of a mostly bog-standard nondisclosure agreement. […] This unjustified secrecy is going to hurt the city (and its taxpaying residents) a few more times. The Tacoma New Times points out there are several pending lawsuits dealing with the same Stingray documents, including one filed by the ACLU. The city says it won’t seek reimbursement from the federal government for fines and fees, but maybe it should, especially if it’s going to blame the FBI for the Tacoma PD’s secrecy.

https://www.techdirt.com/articles/20170309/10273436882/city-tacoma-to-pay-50000-to-privacy-activist-over-redacting-fbis-stingray-non-disclosure-agreement.shtml

6-month-old dies after babysitter couldn’t reach 911

Since November, when some T-Mobile customers have dialled 911 their phones have been spontaneously making multiple calls, clogging the system, city officials said. Police are now investigating whether the issue led to the death of Brandon Alex on Saturday. His babysitter said that she dialed 911 multiple times without getting an answer. The 911 operators returned each of the babysitter’s calls but could not reach her, city officials said. […] While no other carriers appear to be experiencing the “ghost calls” issue, AT&T wireless customers also reported having trouble contacting 911 in Dallas and other Texas cities on March 8. Police departments posted alternative numbers to call in case of emergency. AT&T tweeted later that day that the issue had been resolved.

http://www.cnn.com/2017/03/15/health/texas-baby-dies-911-issues-trnd/index.html

If you woke up and saw swastikas on Twitter, here’s why

Dozens of Twitter accounts were hacked Wednesday in an apparent large-scale cyber-attack. Many of the hacked posts were in Turkish and featured a swastika and the hashtags #Nazialmanya and #Nazihollanda. Among the affected Twitter accounts were the European Parliament, UNICEF USA, BBC North America and boxer Floyd Mayweather’s promotional account.[…] The hack came amid a diplomatic spat between Turkey, Germany and the Netherlands, after Dutch and German officials barred Turkish ministers from campaigning in parts of their countries. Those actions led Erdogan to say “Nazism is alive” in the West.

http://www.usatoday.com/story/news/world/2017/03/15/cyber-attack-targets-major-twitter-accounts/99199366/

WhatsApp blind-sided by booby-trapped photo vulnerability

The now-resolved vulnerability – discovered by security researchers at Check Point – would have allowed an attacker to send the victim malicious code hidden within an innocent-looking image. As soon as the user clicked on the image, the attacker would have been able to gain full access to the victim’s WhatsApp or Telegram storage data, thus giving them full access to the victim’s account. The flaw stemmed from a loophole in the way WhatsApp and Telegram verified content that created a means for hackers to create malicious content that side-stepped the pre-encryption verification process of the mobile messaging apps.

https://www.theregister.co.uk/2017/03/15/booby_trapped_photo_whatsapp_telegram_risk/

13 Infected Android Apps on Google Play Phishing Instagram Accounts

The purpose of these malicious apps was to look for Instagram credentials and transfer the information to a remote server. According to ESET security researchers, the campaign’s origins were located in Turkey, but some had English localization. This means the campaign is designed to target Instagram users around the world. It is quite disturbing that these malicious apps have already been downloaded and installed by around 1.5 million Instagram users across the globe. When ESET notified Google about it, the company quickly removed the 13 infected apps.

https://www.hackread.com/android-apps-malware-google-play-instagram-phishing-scam/

Anonymous Brazil Hacks Football Club for Hiring Goalkeeper Convicted of Murder

The online hacktivist Anonymous along with its counterparts in Brazil hacked and defaced the official website of Boa Esporte, a second division football club in the state of Minas Gerais. The website was defaced not once but twice where hackers left a deface page along with a message explaining why they have been targeted the site.

https://www.hackread.com/anonymous-hacks-football-club-site/

Nigerian Cybercrime Matures, Morphs

Cybercrime gangs out of West Africa are upping their seasoned social engineering game with more advanced scams like business email compromise (BEC) and targeting health savings accounts. […] As in other regions such as Eastern Europe where cybercrime is rampant, the growth in West Africa’s online scams correlates with an educated yet unemployed populace. Only half of the 10 million students who graduate from Africa’s nearly 670 universities each year find jobs, and West Africa law enforcement says half of the cybercriminals they see are unemployed.

http://www.darkreading.com/threat-intelligence/nigerian-cybercrime-matures-morphs/d/d-id/1328392

This Type of Cyberattack Was Almost Impossible to Detect. Until Now.

This class of cyberattack is not new; in 2008, researchers identified the “potentially catastrophic flaw in one of the Internet’s core building blocks,” as Dan Goodin wrote last year in ArsTechnica. But exploiting that flaw took a high level of skill. Until recently, there haven’t been many real-world incidents where attackers used file-less, in-memory attacks. But that’s changed: one recent report cited attacks on over 140 secured networks in 40 different countries– and those are just the ones that forensics teams were able to identify.

https://www.washingtonexec.com/2017/03/type-cyberattack-almost-impossible-detect-now/

Dutch voting guide sites offline in apparent cyber attack

Two publicly-funded websites used by Dutch voters to help them decide which party to vote for in their national election were inaccessible on Wednesday, apparently victims of a cyber attack. […] Organizers of Stemwijzer tweeted confirmation that their website was being subjected to a distributed denial-of-service, or ‘DDoS’ attack. […] It was not clear whether Wednesday’s attacks were related to a Dutch diplomatic row with Turkey that broke out over the weekend, which led to the temporary defacement of numerous small websites in the Netherlands.

http://www.reuters.com/article/us-netherlands-election-cyber-idUSKBN16M1C6

Challenges Ahead For New White House Cybersecurity Advisor

It appears that President Trump is poised to select Rob Joyce, currently chief of the National Security Agency’s secretive Tailored Access Operations (TAO), as his cybersecurity czar. […] “Throughout his presidential campaign, Trump made it clear he was no friend to industry or individual privacy rights. Trump’s appointment of Joyce can go one of two ways,” suggests Ajay Arora, CEO of Vera. “He can be used as a weapon for good or for evil. Bringing the chief hacker of the NSA into the White House is pretty scary considering he’s expressed his desire for backdoors to be built into security products and give government access to ‘improve national security.’ Giving him this much power, is like giving a teenager a flame thrower. You never know what to expect.”

https://www.forbes.com/sites/tonybradley/2017/03/14/challenges-ahead-for-new-white-house-cybersecurity-advisor/#abb53b12aea9

Dun & Bradstreet database breached, 33.6M files vulnerable

Hunt said the files are from a wide spectrum of government and private entities. The Department of Defense is most heavily represented with 101,013 files includes, followed by the U.S. Postal Service, ATT&T and Wal-Mart. The data points are very specific about each individual. Stating the person is a “soldier” with the position “ammunition specialist”, Hunt said. “We’ve been bombarded by news of state sponsored hacking recently and frankly, if I was a foreign power with a deep interest in infiltrating US military operations, I’d be very interested in a nicely curated list pointing me directly to hundreds of intelligence analysts,” Hunt wrote.

https://www.scmagazine.com/dun-bradstreet-database-breached-336m-files-vulnerable/article/644419/

Cyber attacks on e-wallets aim to steal data: Report

According to the data provided by global leader in content delivery network (CDN) services Akamai Technologies, hits to web pages on e-wallet companies grew from 512,115,015 per day in September to 1,264,470,283 per day in February in the country. […] “Nearly 94 per cent of attack attempts on mobile wallet companies were on the application layer (XSS and RFI attacks) with intent to steal business critical data,” the report added.

http://www.business-standard.com/article/news-ians/cyber-attacks-on-e-wallets-aim-to-steal-data-report-117031500348_1.html

D.C. Circuit Court Issues Dangerous Decision for Cybersecurity: Ethiopia is Free to Spy on Americans in Their Own Homes

The United States Court of Appeals for the District of Columbia Circuit today held that foreign governments are free to spy on, injure, or even kill Americans in their own homes–so long as they do so by remote control. The decision comes in a case called Kidane v. Ethiopia, which we filed in February 2014. […] Under it, you have no recourse under law if a foreign government that hacks into your car and drives it off the road, targets you for a drone strike, or even sends a virus to your pacemaker, as long as the government planned the attack on foreign soil.

https://www.eff.org/deeplinks/2017/03/dc-circuit-court-issues-dangerous-decision-cybersecurity-ethiopia-free-spy

Espionage risk to US heightened as China’s military presses its domestic tech firms

“It’s fairly obvious from patterns of industrial espionage that it isn’t always the government which has been, for example, seeking data on defense activities in the United States and Europe,” said Cordesman. He added that in some cases it appears “to be people with some kind of private sector or industrial ties.” Experts say the espionage organs in China set the priorities and come up with lists of targets. If a civilian company offers possible linkages to military companies, then the espionage leadership is likely to pursue those leads.

http://www.cnbc.com/2017/03/15/espionage-risk-to-us-heightened-by-china-military-innovation-push.html

US Charges 2 Russian Agents, 2 Hackers in Mass Yahoo Breach

One of the defendants, Karim Baratov, has been taken into custody in Canada. Another, Alexey Belan, is on the list of the FBI’s most wanted cyber criminals and has been indicted multiple times in the U.S. It’s not clear whether he or the other two defendants who remain at large, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom since there’s no extradition treaty with Russia. The indictment identifies Dokuchaev and Sushchin as officers of the Russian Federal Security Service, or FSB. But, McCord said, “I hope they will respect our criminal justice system.”

http://www.military.com/daily-news/2017/03/15/us-charges-2-russian-agents-2-hackers-mass-yahoo-breach.html

Cyber insurance advocates buoyed by disclosure requirements of draft Trump order

Advocates for an expanded cybersecurity insurance market are encouraged by the Trump administration’s focus on public disclosures and market-based incentives as drivers for cyber investments, based on recent draft versions of an executive order the White House is expected to issue within the next few days or weeks. President Trump’s decidedly anti-regulatory stance is reflected by the draft order’s approach to incentive publicly traded companies to invest in cybersecurity measures by reporting in ways that could be helpful for insurers[.]

https://insidecybersecurity.com/daily-news/cyber-insurance-advocates-buoyed-disclosure-requirements-draft-trump-order

There were more device searches at US border last month than all of 2015

In [fiscal year 2016], CBP processed more than 390 million arrivals and performed 23,877 electronic media searches. This equates to CBP performing an electronic search on 0.0061% of arrivals. This is an increase over the FY15 numbers when 4,764 electronic media searches were conducted, accounting for .0012% of arrivals. CBP officers processed 383 million arrivals in [fiscal year 2015]. […] As Ars reported previously, there is a very broad exception to the Fourth Amendment at the border that allows officials to conduct warrantless searches. If your device is locked or encrypted and you refuse to assist agents’ attempts to open it, the device can be seized.

https://arstechnica.com/tech-policy/2017/03/digital-device-searches-at-us-border-increased-fivefold-from-2015-to-2016/

The Silk Road’s Dark-Web Dream Is Dead

The Silk Road’s purported ideology of enabling only victimless crime has vanished. Fears of law enforcement surveillance, and suspected vulnerabilities in tools like Tor meant to protect the anonymity of site administrators have eroded the incentive to create a longterm trusted business. The result has been that the libertarian free-trade zone that the Silk Road once stood for has devolved into a more fragmented, less ethical, and far less trusted collection of scam-ridden black market bazaars.

https://www.wired.com/2016/01/the-silk-roads-dark-web-dream-is-dead/

Why are creepy SS7 cellphone spying flaws still unfixed after years, ask Congresscritters

On Wednesday, Senator Ron Wyden (D-OR) and Representative Ted Lieu (D-CA) sent an open letter [PDF] to Homeland Security Secretary John Kelly asking for an update on its progress in addressing the SS7 design shortcomings. It also asks why the agency isn’t doing more to alert the public about the issue. “We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” the letter states. “We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.”

https://www.theregister.co.uk/2017/03/15/ss7_cellphone_spying_flaw_still_unfixed/

Where Have All The Exploit Kits Gone?

“When we compare exploit kit activity from January to December of 2016 there’s a drop of 300 percent in activity. That’s primarily due to these EKs dropping off the face of the Earth,” said Karl Sigler, threat intelligence manager at Trustwave. Exploit kits are a type of malicious toolkit chockfull of pre-written exploits for targeting various browser plugins such as Java and Adobe Flash. Kits are planted on booby-trapped sites or can be used in malvertising campaigns and spring into action if they can detect a vulnerability in a visitor’s browser or web application.

https://threatpost.com/where-have-all-the-exploit-kits-gone/124241/