IT Security News Blast 4-6-2017

Cyber Vulnerabilities Could Prove Life or Death for Patients

“I think one of the big problems would be in the manipulation of data,” said Denise Anderson, president of the National Health Information Sharing and Analysis Center (NH-ISAC), explaining that attackers could change random patient records and demand a ransom to reveal which records are changed. In the meantime, those changes could result in patients receiving the wrong treatment, being given medication that they are allergic to, or being improperly diagnosed. “That actually could have a huge impact on patient care and safety.”

https://www.meritalk.com/articles/cybersecurity-vulnerabilities-health-care-death-patients/

Boosting Healthcare Sector Cybersecurity: Essential Steps

“Organizations are unlikely to report security incidents if not required to do so, given the potential reputational harm that might occur. The reports we read about are only a small fraction of the incidents that actually occur. Furthermore, the incidents that do get reported – for example breaches of personal health information – also create a narrow focus on privacy protections for personal health information instead of considering the full spectrum of impacts caused by healthcare cyber incidents.”

http://www.govinfosecurity.com/boosting-healthcare-sector-cybersecurity-essential-steps-a-9811

Chinese hackers go after third-party IT suppliers to steal data

Major IT suppliers that specialize in cloud storage, help desk, and application management have become a top target for the hacking group known as APT10, security providers BAE Systems and PwC said in a joint report. That’s because these suppliers often have direct access to their client’s networks. APT10 has been found stealing intellectual property as part of a global cyberespionage campaign that ramped up last year, PwC said on Monday.

http://www.csoonline.com/article/3187769/security/chinese-hackers-go-after-third-party-it-suppliers-to-steal-data.html

Scottrade admits server snafu blabbed 20,000 customer files to world

Online brokerage Scottrade has admitted sensitive loan applications from roughly 20,000 customers were exposed to the world by a fumble-fingered third-party supplier. The cockup occurred when IT services biz Genpact uploaded the sensitive information to an Amazon-hosted server and didn’t lock the box down – allowing its contents to be potentially extracted by anyone passing by.

https://www.theregister.co.uk/2017/04/05/scottrade_vendor_exposed_20000_customer_accounts/

Banks Must Focus More on Cyber-Risk

The new rules for midsize and large banks are designed to intensify their focus on cyber-risk mitigation and cyberattack resilience. In their Enhanced Cyber Risk Security Standards, they encourage self-assessment using the FFIEC Cybersecurity Assessment Tool, adhering to the NIST Cybersecurity Framework and CPMI-TOSCO Guidance on cyber resilience for financial market infrastructures plus the adoption of sound practices as outlined in the “Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System.”

http://www.darkreading.com/endpoint/banks-must-focus-more-on-cyber-risk/a/d-id/1328566

IT leaders share how they quell cybersecurity attacks

Being ready requires significant investments, both in talent and technologies. IDC says corporations will spend $101.6 billion on cybersecurity software, services and hardware, a 38 percent increase from the $73.7 billion it expected companies to spend in 2016. To help you develop your strategy, two chief security officers and one CIO share their experiences with their favorite security tools.

http://www.cio.com/article/3187693/cio-role/it-leaders-share-how-they-quell-cybersecurity-attacks.html

Dems sound alarm over Trump’s proposed cuts to energy office spearheading cybersecurity

President Trump has proposed reducing the Department of Energy’s budget by nearly $2 billion next fiscal year, which would include cuts to the Office of Electricity Delivery and Energy Reliability. […] “I am very concerned that the president has proposed significant cuts to the electricity office’s budget that could impair our ability to meet the challenges foreign actors and others present to our energy infrastructure,” Heinrich said.

http://thehill.com/policy/cybersecurity/327263-dems-sound-alarm-over-trump-budget-cuts-to-energy-office-spearheading

Kim Jong-un’s ‘hackers target banks in up to 18 countries for cash to spend on North Korea’s terrifying nuclear programme’

Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies who tracks North Korea’s activities, told CNN: ‘This is all for their nuclear weapons and missile programs. They need this money for building and researching more ballistic missiles.’ […] Targets included banks, financial and trading companies, casinos and digital currency businesses in at least 18 nations, the report said.

http://www.dailymail.co.uk/news/article-4379248/North-Korea-hackers-target-banks-18-countries.html

McAfee spins out of Intel to become an independent cybersecurity company

The security software company, founded by American computer programmer John McAfee, has been around for three decades but was acquired by Intel between 2010 and 2011. This week, it became a new, jointly-owned independent cybersecurity company, with alternative asset management firm TPG owning a 51 percent stake and Intel retaining 49 percent. The deal was announced last September, and valued the business at approximately $4.2 billion.

http://www.cnbc.com/2017/04/04/mcafee-new-independent-cybersecurity-company-again.html

What home products are most susceptible to cyber burglars?

No matter how intelligent they claim to be, many smart home gadgets are vulnerable to hackers. Nowadays even the lock on your front door is susceptible to a cyberattack. […] The survey respondents were also asked about what fears they have of smarthomes. They were afraid of identity theft by criminal hackers (65% were concerned or fearful); 62% – cyberattacks on America’s web infrastructure; 51% – email or social media account hacking; and 42% – Eavesdropping by foreign governments.

http://www.csoonline.com/article/3186808/security/what-home-products-are-most-susceptible-to-cyber-burglars.html

Massive uptick in tax scam phishing emails, records cost $50 on the Dark Web

IBM’s X-Force researchers noted in a report released today called Cybercrime Riding Tax Season Tides a 6,000 percent increase in the number of spam emails containing a specific form of tax form, such as W-2s, fraud between December 2016 and February 2017. At the same time the amount of spam that uses a generic tax themed message to entice the recipient into opening the email or attachment has also skyrocketed, with the number being pushed basically doubling every month starting in January.

https://www.scmagazine.com/massive-uptick-in-tax-scam-phishing-emails-records-cost-50-on-the-dark-web/article/648452/

Malware Scanning Services Containers for Sensitive Business Information

Malware scanning services could be the next listening outpost for criminals and nation-state attackers as more of these services such as VirusTotal are becoming containers for personal, business and even classified information because of some organizations’ policy decision to upload every file, document and email. […] Third-party business partners are one of the biggest offenders, Neis said. Business data used in outsourcing engagements is often automatically sent to a malware scanner and the original data owners are none the wiser.

https://threatpost.com/malware-scanning-services-containers-for-sensitive-business-information/124802/

Samsung’ Tizen OS Contains Tons of Critical Security Flaws

Samsung uses Tizen OS in its mobile phones, smart TVs, and smartwatches. Samsung states that Tizen is an open-source OS. According to the company’s November 2016 statistics, the OS was used in 50 million devices including Samsung Gear S3 smartwatch and their Smart TVs. This means, if the analysis of Neiderman is accurate then the extent of impending security threat is also quite extensive in scope.

https://www.hackread.com/samsung-tizen-os-contains-tons-of-critical-security-flaws/

Microsoft opens up on Windows telemetry, tells us most of what data it collects

The Creators Update represents Microsoft’s first real reaction to the outcry. The operating system itself is more explicit about obtaining consent for privacy settings. The out-of-box experience shown during installation has a new settings screen for privacy options, and existing Windows 10 users will be asked to choose their privacy settings during the process of upgrading to the Creators Update. Microsoft has also extended the documentation within the product and online to be clearer and more explicit about what each privacy option controls and what the consequences are of turning the options on and off.

https://arstechnica.com/information-technology/2017/04/microsoft-opens-up-on-windows-telemetry-tells-us-most-of-what-data-it-collects/

Android devices can be fatally hacked by malicious Wi-Fi networks

The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. […] The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom’s wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode.

https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/

International, Large-Scale Cyber Attack Uncovered by Cyber Security Watchdogs

The cyber attack, uncovered through a collaboration by Britain’s National Cyber Security Centre, PwC and cyber security firm BAE Systems, targeted managed service providers to gain access to their customers’ internal networks since at least May 2016 and potentially as early as 2014. The exact scale of the attack, named Cloud Hopper from an organization called APT10, is not known but is believed to involve huge amounts of data, Sweden’s Civil Contingencies Agency said in a statement. The agency did not say whether the cyber attacks were still happening.

http://www.insurancejournal.com/news/international/2017/04/05/446925.htm

Hurd ramps up call for cyber national guard

“The concept is actually quite simple,” he said. “This is really a way to… recruit and hire qualified individuals to the federal IT workforce and then retain their skills in the future on a rotational basis.” The challenge, Hurd said, lies in the details for standing it up, and how it would carry out its functions once operational. […] “The approach we’re taking to hiring cyber talent is well-intended, but it gets in the way of actually filling an awful lot of these vacancies across the federal enterprise and retaining that talent,” he said.

https://fcw.com/articles/2017/04/04/hurd-cyber-guard-gunter.aspx

U.S. Remains ‘Broadly Reactive’ to Cyber Threats

My sense of what nations are doing in this space is it’s more coordinated, it’s more interoperable, from their perspective, and it’s more structure and it’s more integrated. They are building what I would call campaigns, and they are being very thoughtful about it, they are purposeful in their approach, and there is some design that they are organizing themselves to do and I think that they are on the field in this space and we are figuring out how to get on that field.”

http://seapowermagazine.org/stories/20170404-cyberthreat.html

Critical Xen hypervisor flaw endangers virtualized environments

This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers’ virtualized servers share the same underlying hardware. […] The new vulnerability affects Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It was unintentionally introduced in December 2012 as part of a fix for a different issue.

http://www.csoonline.com/article/3187722/security/critical-xen-hypervisor-flaw-endangers-virtualized-environments.html