IT Security News Blast 4-14-2017

95 Percent of Organizations Have Employees Seeking to Bypass Security Controls

The Dtex report is based on an analysis of risk assessments conducted by a sample of its customer base. A stunning 95% of the assessments showed employees to be engaged in activities designed to bypass security and web-browsing restrictions at their organizations. Examples included the use of anonymous web browsers such as TOR, anonymous VPN services, and vulnerability-testing tools such as Metasploit. The use of anonymous VPN services within organizations in fact doubled between 2015 and 2016, according to Dtex.

http://www.darkreading.com/attacks-breaches/95-percent-of-organizations-have-employees-seeking-to-bypass-security-controls/d/d-id/1328628?

Anthem to data breach victims: Maybe the damages are your own darned fault

Insurance giant Anthem has effectively scared off possible victims of a 2015 data breach by asking to examine their personal computers for evidence that their own shoddy security was to blame for their information falling into the hands of criminals. […] The examiners would be looking only for evidence that their credentials or other personal data had been stolen even before the Anthem hack ever took place, according to a blog by Chad Mandell, an attorney at LeClairRyan.

http://www.networkworld.com/article/3187522/security/anthem-to-data-breach-victims-maybe-the-damages-are-your-own-darned-fault.html

‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable

A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and originally reported the vulnerability to Magento in November. […] “We’re unsure if this vulnerability is actively being exploited in the wild, but since the vulnerability has been unpatched for so long it provides a window of opportunity for potential hackers,” Stankovic said.

https://threatpost.com/high-risk-zero-day-leaves-200000-magento-merchants-vulnerable/124965/

TN Updates Data Breach Notification Law for Encrypted Data

Any person or business that conducts business in Tennessee is only required to give data breach notification if the information acquired was unencrypted, according to a recently passed amendment. Amended Senate Bill 547 states that encrypted data is “computerized data that is rendered unusable, unreadable, or indecipherable without the use of a decryption process or key and in accordance with the current version of the Federal Information Processing Standard (FIPS).”

http://healthitsecurity.com/news/tn-updates-data-breach-notification-law-for-encrypted-data

FBI Director: Public Should Be Aware of Agenda-Driven Fake News

Comey said the Russian government has for years tried to weaken public faith in democratic processes around the globe, and recently has resorted to more sophisticated tactics. […] U.S. intelligence agencies said in a January report that Russian efforts to interfere in last year’s American presidential election in favor of Republican Donald Trump included paid social media users, or “trolls.” Part of the goal was to spread information to “denigrate” Democratic presidential nominee Hillary Clinton, who lost the November election, according to the report.

https://www.usnews.com/news/politics/articles/2017-04-13/fbi-director-public-should-be-sensitive-to-fake-news

Brexit: foreign states may have interfered in vote, report says

A report by the Commons public administration and constitutional affairs committee (PACAC) said MPs were deeply concerned about the allegations of foreign interference in last year’s Brexit vote. The committee does not identify who may have been responsible, but has noted that both Russia and China use an approach to cyber-attacks based on an understanding of mass psychology and of how to exploit individuals. The findings follow repeated claims that Russia has been involved in trying to influence the US and French presidential elections.

https://www.theguardian.com/politics/2017/apr/12/foreign-states-may-have-interfered-in-brexit-vote-report-says

Spam Czar Nabbed in Spain May Have Link to Election Tampering

“What we do know from the indictments issued last month against the Yahoo hackers is that Russian intelligence officers protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere,” he told TechNewsWorld. “This means we can’t rule it out.” It’s more than a possibility — it’s very likely to be true, maintained Avivah Litan, a security analyst with Gartner. “The guys conducting cybercrime are the same guys that meddled in the elections,” she told TechNewsWorld. “They’re using the same infrastructure.”

http://www.technewsworld.com/story/Spam-Czar-Nabbed-in-Spain-May-Have-Link-to-Election-Tampering-84451.html

Foreign Office attacked by Russia-linked cyber hackers

The Foreign Office has been targeted by a “highly motivated and well-resourced” group of cyber-hackers which has been linked to Russia. Hackers targeted civil servants with a “spear-phishing” campaign, in which people were sent targeted emails in an attempt to trick them into downloading malicious files. […] Another cybersecurity expert told the BBC the hackers were linked to Russian attempts to influence the outcome of the US election. Two of the addresses used by the hackers were linked to the US attacks.

http://www.telegraph.co.uk/news/2017/04/13/foreign-office-attacked-russia-linked-cyber-hackers/

Nation-State Hackers Go Open Source

For some of these threat groups, it’s a cost-saving move and a more efficient early-stage attack method. Using the same hacking tools used by security researchers and penetration testers to root out security weaknesses and exploit holes in enterprise networks saves on development costs. For others, it’s purely for camouflaging purposes, providing cover as a legitimate penetration test, for instance.

http://www.darkreading.com/threat-intelligence/nation-state-hackers-go-open-source/d/d-id/1328619

Outer-Space Hacking a Top Concern for NASA’s Cybersecurity Chief

“It’s a matter of time before someone hacks into something in space,” Hanna-Ruiz, 44, said in an interview at her office in Washington. “We see ourselves as a very attractive target.” Cybersecurity at the National Aeronautics and Space Administration extends from maintaining email systems at the agency’s Washington headquarters to guarding U.S. networks in Russia, where Americans serve on crews working with the International Space Station. The agency also has to protect huge amounts of in-house scientific data and the control systems at its 20 research centers, laboratories and other facilities in the U.S.

https://bol.bna.com/outer-space-hacking-a-top-concern-for-nasas-cybersecurity-chief/

Burger King hijacks the Google Assistant, gets shut down by Google

The ad ends with a person saying “OK Google, what is the Whopper burger?”—a statement designed to trigger any Google Assistant devices like Android phones and Google Home to read aloud a description of the hamburger’s ingredients. […] Before the ad was disabled, the Google Assistant would verbally read a list of ingredients from Wikipedia. Of course the Internet immediately took to Wikipedia to vandalize the burger’s entry page, with some edits claiming it contained “toenails” or “cyanide.”

https://arstechnica.com/gadgets/2017/04/google-burger-king-feud-over-control-of-the-google-assistant/

Legislation allowing warrantless student phone searches dies for now

The measure was crafted by the Association of California School Administrators and introduced by Assemblyman Jim Cooper, a Democrat representing Elk Grove (just south of Sacramento). Laura Preston, a lobbyist for the Association of California School Administrators, told Ars that opposition to the measure was “crazy” and akin to starting a “World War.”

https://arstechnica.com/tech-policy/2017/04/legislation-allowing-warrantless-student-phone-searches-dies-for-now/

Researchers developing autonomous robot surveillance

Thanks to a four-year, $1.7 million grant from the U.S. Office of Naval Research, Cornell University researchers plan to develop a robot surveillance system that would involve robots sharing “information as they move around, and if necessary, interpret what they see. This would allow the robots to conduct surveillance as a single entity with many eyes.” This would be done allegedly to “protect you from danger.”

http://www.networkworld.com/article/3189464/security/researchers-developing-autonomous-robot-surveillance-many-eyes-with-one-mind.html

Free health apps laugh in the face of privacy, sell your wheezing data

In addition to access to the user and device data, many apps also demanded access to photos and other data stored on mobile devices. GPS data as well as device IDs and call information were not infrequently requested, 12 apps demanded direct access to the camera, seven wanted to freely use the microphone, and three even required full telephony functions of the smartphones. Much of the slurped data was irrelevant to the core function of the app, AV-TEST reports.

https://www.theregister.co.uk/2017/04/13/ehealth_app_privacy_concerns/

Hackers Cloning Popular Android Apps to Infect Users with Malware

As written in their blog post “Ewind is more than simply Adware. Ewind is, at very least, an actual Trojan – subverting genuine Android apps. The actor behind this activity can easily take full control of the victim device.” When investigating multiple samples of the Ewind, researchers found that the Adware can do a lot of damage to its victim and could perform multiple tasks. On gaining the administrative rights, attackers can send several commands to the infected device including locking the screen, displaying different ads, preventing the uninstallation of the app, etc.

https://www.hackread.com/hackers-cloning-android-app-with-malware/

SC Exclusive: Spyware disguises itself as IRS tax notification

According to an analysis by Fortinet security researcher Xiaopeng Zhang, the Windows-based malware collects infected victims’ system information, takes screenshots and records keystrokes, and then exfiltrates this data over to a command-and-control server. Stolen system information includes the machine’s name, user name, system type and system version. Discovered on April 5, the spyware is in essence a malicious .VBE (VBScript Encoded Script) file whose code is embedded into a jpeg file in order to bypass anti-virus solutions.

https://www.scmagazine.com/sc-exclusive-spyware-disguises-itself-as-irs-tax-notification/article/650456/

Android Trojan Targeting Over 420 Banking Apps Worldwide Found On Google Play Store

In a nutshell, BankBot is mobile banking malware that looks like a simple app and once installed, allows users to watch funny videos, but in the background, the app can intercept SMS and display overlays to steal banking information. A mobile banking trojan often disguises itself as a plugin app, like Flash, or an adult content app, but this app made its way to Google Play Store by disguising itself as any other regular Android app. Google has removed this malicious app from its Play Store after receiving the report from the researcher, but this does not mean that more such apps do not exist there with different names.

http://thehackernews.com/2017/04/android-banking-malware.html

SAP Updates Two-Year-Old Patch for TREX Vulnerability

“I reversed a protocol for HANA and then for the TREX search engine. As they share a common protocol, the exploit has been easily adapted,” Geli said in a statement. “SAP fixed some features, but not everything affecting the core protocol. It was still possible to get full control on the server even with a patched TREX.” The flaw (CVE-2017-7691) was patched Tuesday along with 14 other vulnerabilities as part of SAP’s scheduled patch release. The TREX vulnerability was given the highest severity rating of the bugs patched yesterday.

https://threatpost.com/sap-updates-two-year-old-patch-for-trex-vulnerability/124936/

Callisto Group snoopers wreak havoc with leaked HackingTeam spyware

“They act like nation-state attackers, but there’s also evidence linking them with infrastructure used by criminals,” said F-Secure’s security advisor Sean Sullivan. “So they could be an independent group that’s been contracted by a government to do this work, or possibly doing it on their own with the intent of selling the information to a government or intelligence agency.” The Callisto Group’s tradecraft typically relies on highly targeted phishing attacks and malware. The malware used by the group is a variant of the Scout tool developed by Italian surveillance firm HackingTeam.

https://www.theregister.co.uk/2017/04/13/apt_crew_abuses_leaked_hackingteam_spyware/

Cyber-arms dealers offer to sell surveillance weapons to undercover Al Jazeera reporters posing as reps of South Sudan and Iran

Al Jazeera documents this in “Spy Merchants,” a new series that shows two Italian companies (IPS and AREA) and a Chinese company (Semptian) conspiring with their reporter to launder cyber-weapons into Iran and South Sudan. The vendors promised to strip all logomarks off their products to make it impossible to trace them back, and offered ways of circumventing sanctions, such as selling surveillance tools to shell companies in Tunisia, who could then make a “gift” of them to South Sudan.

https://boingboing.net/2017/04/11/we-have-no-problem-with-iran.html
