IT Security News Blast 3-28-2017

FBI: Attackers Targeting Anonymous FTP Servers in Healthcare
The goal of these attackers is to access protected health information (PHI) and personally identifiable information (PII). The anonymous FTP extension lets users authenticate to the server with a common username and no password, or a generic password or email address. Because anyone can connect and look through these files, avoiding sensitive data has been the “standard guidance” for using anonymous FTP servers, says SANS Institute director John Pescatore.
Fortinet CISO on securing critical infrastructure: ‘We can no longer bring a knife to a gunfight’
Unfortunately, the critical infrastructure security challenge has not been solved as of yet. The reasons are two-fold: First, the scope/scale of the problem means it’s difficult to decide where to start and to understand what “finished” looks like. Second, no one person or organization owns the problem. Critical infrastructures are primarily owned and operated by diverse private sector organizations.
America’s plan for stopping cyberattacks is dangerously weak
The goal in cyberwar, or cyber diplomacy, is to get states to roll the dice less often, and to clarify the chances they take on each roll. For the United States, achieving this will sometimes require strategic restraint, sometimes demonstration of resolve — and sometimes retaliation. Addressing the threat of cyberwar and hostile escalation will require an improved US cyber policy across three areas: diplomacy, deterrence, and defense.
National Credit Union ISAO Integrates and Recommends VirnetX Gabriel Secure Technology
National Credit Union ISAO, a critical cyber infrastructure advisor to credit unions, and VirnetX™ Holding Corporation (NYSE MKT: VHC), a leader in Internet communication security software and technology, jointly announced today that National Credit Union Information Sharing and Analysis Organization (NCU-ISAO) is utilizing VirnetX’s Gabriel Collaboration Suite for critical ISAO communications and is recommending the technology to its members for secure communications and data transmission. NCU-ISAO draws its members from a segment base of 6,600+ institutions with more than 57,000 credit unions in the US and globally.
Is It Time to Go on the Cyber Attack?
Even if you could positively attribute an attack – a huge if – do you really want to help a customer take a virtual shot at, potentially, a nation-state bad actor or organized crime ring with deep pockets and plenty of time? Probably not. And as it turns out, Forbes and BMC aren’t, in fact, advocating waging cyber warfare. Instead, they say customer IT leaders are becoming more proactive. The report cites 2017 investment plans among more than 300 CIOs and CISOs surveyed that de-emphasize passive solutions like anti-malware. In fact, the report says advanced antivirus ranked lowest in funding plans.
New Bill Allows Rwanda to Launch Cyber Attacks at Any Threat
A newly proposed ‘National Cyber Security bill’ gives more powers to the responsible agency to investigate any threats in private and public institutions and defend the country from any attacks. […] “The agency will have powers to conduct investigations on any cyber threats in public and private organs. This will be aimed at assessing threat levels and in the interest of national and citizen’s security,” Nsengimana said.
America’s JobLink Suffers Security Breach
AJL said on March 21 that names, birthdates, and Social Security Numbers of applicants from Alabama, Arizona, Arkansas, Idaho, Delaware, Illinois, Kansas, Maine, Oklahoma, and Vermont were illegally accessed by an outside source. It explained that the code misconfiguration was introduced into the system through an update last October. AJL is currently working with the FBI to apprehend the hacker while a forensic firm is carrying out a detailed examination of the hacked accounts.
How CISOs Can Create A Balanced Portfolio Of Cybersecurity Products
When thinking about how companies should choose to spend their security dollars, I find the framework created by the National Institute of Standards and Technology (NIST) to be a great guide, although many security professionals also rely on ISO 27001. The NIST framework offers five main functions companies need to be able to address in their approach to cybersecurity: 1) Identify; 2) Protect; 3) Detect; 4) Respond; and 5) Recover.
Warning of cyber fraudsters targeting dealers and auctioneers
“This appears to be an extremely sophisticated electronic fraud. People have been falling victim to the scam because they have been expecting invoices for the sums concerned and it has never occurred to them that someone else has intercepted the emails and conned them out of the money. “The first they find out about it is when the supplier contacts them again for payment, but by then the crooks are long gone.”
USA can afford golf for Trump. Can’t afford .com for FBI infosec service
As its name implies, InfraGard is all about protecting American infrastructure. […] But not serious or important enough to have acquired the infragard.com domain. We know about this omission because over the last few days folks have been sharing emails luring them to the fake infragard.com, which offers a passable replica of the real InfraGard site and asks visitors to log in.
Encrypted Email Service Tutanota Celebrates 2 Million Users
According to a Tutanota official Hanna, “Every one of us has the right to express any idea freely or to keep it secret. Encryption is a great tool to achieve the latter.” As people realize that their basic right to privacy is being exploited, they have no choice left but to turn towards encryption services, and perhaps this is the main reason behind the exponential growth of Tutanota, DuckDuckGo, Qwant, and many other privacy-focused services.
House could vote tomorrow to let ISPs sell your Web browsing history
The legislation is S.J. Res. 34, a resolution invoking the Congressional Review Act in order to invalidate the Federal Communications Commission’s privacy rules and prevent the FCC from issuing similar regulations in the future. The Senate vote was 50-48, with Republicans voting to kill the privacy rules and Democrats voting to preserve them. Lawmakers in the Republican-controlled House will also likely vote mostly along party lines, but privacy rule supporters urge residents to contact their legislators before the vote.
Five Ways Cybersecurity Will Suffer If Congress Repeals the FCC Privacy Rules
Risk #1: Snooping On Traffic (And Creating New Targets for Hackers)
Risk #2: Erasing Encryption (And Making it Easier for Hackers to Spy On You)
Risk #3: Inserting Ads Into Your Browsing (And Opening Holes In Your Browsing Security)
Risk #4: Zombie Supercookies (Allowing Hackers to Track You Wherever You Go)
Risk #5: Spyware (Which Opens the Door for Malware)
AT&T/DirecTV give in to government demands in collusion lawsuit settlement
DirecTV and its owner, AT&T, have promised the US Department of Justice that they will not illegally share information with rival pay-TV providers in order to keep the price of TV channels down. The DOJ sued DirecTV and AT&T in November 2016, saying the satellite-TV company colluded with competitors during contentious negotiations to broadcast Los Angeles Dodgers games. AT&T initially said that it looked forward to defending itself in court. But yesterday, the company agreed to a settlement “without trial or adjudication of any issue of fact or law.”
Ex-cyber security chief says Government is ‘using’ Westminster attack to grab unnecessary spying powers
Major General Jonathan Shaw said ministers were attempting to “use the moment” to push for security services having more control, despite there being only a weak case for it. Home Secretary Amber Rudd has turned up the heat on internet firms, saying it is “completely unacceptable” that authorities cannot look at encrypted social media messages of attacker Khalid Masood, but her words come as debate continues over allowing spy agencies further intrusive powers – only last year Parliament granted them sweeping new capabilities.
Drawing a Line on Mass Surveillance: How Congress Must Reform Section 702
Section 702 authorizes two truly alarming efforts that must be reformed or ended. The first program is Prism, which produces the majority of information collected under Section 702, and involves ordering companies to search all information in their possession and copy whatever data is tied to something intelligence agencies call ‘selectors.’ A selector is like a keyword in a search engine; they can be very broad and are connected to enormous amounts of information, all of which is provided to the government. […] The second program is Upstream, which collects information from the Internet’s ‘backbone,’ which includes the undersea cables linking continents and thereby enabling the global connectivity the Internet depends on.
iPhone-havers think they’re safe. But they’re not
While Android smartphones and tablets remained the top mobile target (81 per cent), iOS-based devices were also affected, particularly through spyphone applications, in the second half of the last year (4 per cent). Spyphone surveillance software (sometimes marked as spousal or child monitoring tech) tracks a user’s calls, text messages, social media applications, web searches, GPS locations or other activities.
Here’s What a Samsung Galaxy S7 Hacked with Ransomware Looks Like
It happened on 18th March, when a supposed “penalty notice” from Enforcement Bailiffs Ltd appeared on the smartphone, informing the victim that their device had been blocked due to the presence of child abuse content. It must be noted that Enforcement Bailiffs Ltd is a UK-based commercial property enforcement specialist and has nothing to do with cyber crime related cases. Furthermore, the notice threatened victims into paying 200 GBP, or else the so-called offensive material would be made public and a case would go to trial.
Bugged Microwave? More like hacked dishwashers
A German researcher spotted a flaw in a networked dishwasher that could allow an attacker to access sensitive information on the appliance’s network. German security researcher Jens Regel spotted the web server security flaw in a Miele Professional PG 8528, a commercial dishwasher with IoT capabilities. If exploited, the vulnerability could allow an attacker to access the appliance’s embedded web server that is always connected to port 80, according to a March 24 Seclist Full Disclosure.
API flaws said to have left Symantec SSL certificates vulnerable to compromise
If exploited, the flaws would allow an attacker access to public and private keys, as well as the ability to reissue or revoke certificates. In his post, Byrne said that he first became aware of the problems surrounding Symantec certificates in 2015. Everything was properly disclosed to Symantec, and Byrne agreed to limited non-disclosure, unless it became unethical or irresponsible for him not to disclose. In the end, it looked as if it would take nearly two years to fix the problem, based on conversations he had at the time.
SDN solves a lot of network problems, but security isn’t one of them
“The main risks associated with SDN are compromise of the control plane and potential scalability concerns of the control plane.” How the control plane is implemented determines its vulnerability, but if an attacker is able to access the controller, the results “can range from catastrophic, with the attacker obtaining full control over the whole network, to a high security risk in a multi-controller SDN, where non-compromised controllers can potentially detect and mitigate the compromised one,” De Gaspari said.