IT Security News Blast 5-4-2017

False positives still cause threat alert fatigue

A survey by FireEye polled C-level security executives at large enterprises worldwide and found that 37 percent of respondents receive more than 10,000 alerts each month. Of those alerts, 52 percent were false positives, and 64 percent were redundant alerts. […] The problem this creates is analyst overload, Kerr notes. “In other words, the system is unable to provide sufficient context up front to filter out the anomaly before it generates an alert, so it falls to the analyst to do that manually.

http://www.csoonline.com/article/3191379/data-protection/false-positives-still-cause-alert-fatigue.html

 Small Budgets Cripple Cybersecurity Efforts of Local Governments

According to 411 respondents in the Cybersecurity 2016 survey, 32% reported seeing an increase in cyberattacks to their organizations within the past 12 months. But despite this increase, more than half of the CIOs surveyed found steep obstacles still stood in their way of achieving the highest level of cybersecurity as possible.

Survey respondents pointed to these reasons as the barriers to obtaining high cybersecurity levels:

  • 58% noted inability to pay competitive salaries
  • 53% attributed small cybersecurity staff as the main obstacle
  • 52% cited overall lack of funds

http://www.darkreading.com/endpoint/small-budgets-cripple-cybersecurity-efforts-of-local-governments/d/d-id/1328793

 Data Breach Digest: Cybersecurity risks for small businesses are anything but small

The fact of the matter is that attackers don’t discriminate, and they are becoming more and more advanced with tools that allow them to easily scale their attacks. What’s concerning about small businesses, in particular, is the significant and oftentimes unrecoverable damage a cyber-attack can have. For instance, the U.S. National Cyber Security Alliance states that 60 percent of small businesses are unable to sustain their businesses more than six months after experiencing a cyber-attack.

http://www.securityinfowatch.com/article/12330870/data-breach-digest-cybersecurity-risks-for-small-businesses-are-anything-but-small

 The Vulnerability & Safeguarding of the Healthcare Tech Sector from Cyber Attack

Individuals or organizations with queries or other necessities pertaining to the healthcare sector are looking towards the internet and digital technology for the sake of convenience and time saving. However, along with the ease that these technologies offer, there is a sinister threat of cyber attack making the hospitals along with the entire healthcare sector increasingly vulnerable. In a larger and more holistic context security encompasses the physical as well as cyber security. Cyber security in particular entails protecting the data and systems from cyber threats like cyber terrorism, cyber warfare, and cyber spying to name a few.

http://www.iamwire.com/2017/05/healthcare-tech-cyber-attack/152137

 Don’t click that Google Docs link! Gmail hijack mail spreads like wildfire

The phishing campaign really kicked off in a big way on Wednesday morning, US West Coast time. The malicious email contains what appears to be a link to a Google Doc file. This leads to a legit Google.com page asking you to authorize “Google Docs” to access to your Gmail account. Except it’s not actually the official Google Docs requesting access: it’s a rogue web app with the same name that, if given the green light by unsuspecting marks, then ransacks contact lists and sends out more spam. It also gains control over the webmail account, including the ability to read victims’ messages and send new ones on their behalf.

https://www.theregister.co.uk/2017/05/03/google_docs_hit_phishing_email_campaign/

 Russian hackers use OAuth, fake Google apps to phish users

The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too. It’s sneaky hack that’s particularly worrisome, because it can circumvent Google’s 2-step verification, according to security firm Trend Micro. The group, known as Fancy Bear or Pawn Storm, has been carrying out the attack with its favored tactic of sending out phishing emails, Trend Micro said in a report Tuesday.

http://www.itworld.com/article/3192143/security/russian-hackers-use-oauth-fake-google-apps-to-phish-users.html

 Automated mitigation on endpoint devices and networks can be tricky

“I think there’s a lot of potential,” said Joseph Blankenship, analyst at Forrester Research. “We’re definitely in a period of discovery, though, and that has to take place before we’re going to see widespread, mainstream adoption.” Enterprises first need to get more experience with security automation tools, he said, and see what impact they have. But full incident response automation is probably three to five years from becoming reality, he said.

http://www.csoonline.com/article/3193036/security/automated-mitigation-on-endpoint-devices-and-networks-can-be-tricky.html

 A key player in finance is trying to stop another $80 million cyber attack on a central bank

According to Javier Pérez-Tasso, chief executive of the Americas & UK at SWIFT, who also took to the stage in London, dealing with the threat from cyber-criminals is a “team sport” that requires an “industry-wide response” because “there has been a 40% rise in attacks targeting FIs.” Banks, insurers and others are four times more likely to be targeted than other sectors, added Pérez-Tasso, as that is where the money is. “Getting hit is very expensive.”

http://www.cnbc.com/2017/05/03/a-key-player-in-finance-is-trying-to-stop-another-80-million-cyber-attack-on-a-central-bank.html

 Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really Helpful

The goal of this attack is likely two-fold. This instance acted as potential proof-of-concept for a convincing Google phish via OAuth. Second, and more concerning, this attack allowed the OAuth owner access to all of the email content and contact information for every compromised victim of the attack. […] Because of the success of this attack, we are likely going to see phishing attacks of this nature for the foreseeable future.

http://blog.talosintelligence.com/2017/05/google-oauth-phish.html

 Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

In January, thieves exploited SS7 weaknesses to bypass two-factor authentication banks used to prevent unauthorized withdrawals from online accounts, the German-based newspaper Süddeutsche Zeitung reported. Specifically, the attackers used SS7 to redirect the text messages the banks used to send one-time passwords. Instead of being delivered to the phones of designated account holders, the text messages were diverted to numbers controlled by the attackers. The attackers then used the mTANs—short for “mobile transaction authentication numbers”—to transfer money out of the accounts.

https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/

 Researcher: ‘Baseless Assumptions’ Exist About Intel AMT Vulnerability

Embedi said its hands are tied and it can’t release granular details on the AMT flaw, but promised a fuller account once Intel and other stakeholders have a chance to patch systems. “Intel representatives have asked Embedi to hold off on disclosing any technical details regarding this issue until further notice,” according to a blog post by Embedi titled MythBusters. Evdokimov emphasizes the vulnerability is not associated with a remote code execution (RCE) bug as others had assumed in reports following Intel’s security bulletin.

https://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt-vulnerability/125390/

 Air Force knocking down stovepipes to shore up space cybersecurity

There is a lot of legacy, older equipment out there that was fielded without cybersecurity in mind. Getting our arms around the diversity of that equipment and how we can tailor solutions to defend each one of those architectures is not an insubstantial amount of work. The challenge is to provide something that we can defend better and then to migrate that in some way, shape or form into something that can defend the enterprise versus defending individual stovepipes with targeted solutions.

http://spacenews.com/air-force-knocking-down-stovepipes-to-shore-up-space-cybersecurity/

 Gannett phishing attack compromised 18,000 accounts

Although Gannett did not explicitly state which information was compromised, it will be notifying those affected as well as offering credit monitoring services because employee information was potentially available through some of the affected accounts before administrators could shut them down. The attack appears to have been carried out by an attacker who was able to compromise the Office 365 credentials of some HR employees, Plixer International Director of Marketing and Strategic Relationships Bob Noel told SC Media.

https://www.scmagazine.com/gannett-company-hit-with-phishing-attack/article/654656/

 New iCloud Phishing Scam steals credit card data, access device’ camera

When it comes to phishing scams, the general concept is that cyber criminals will only send a link to trick users into logging in with their social media or email credentials. But since that is an old school trick, the malicious threat actors are aiming at much more than your Facebook or Gmail password. Recently, we discovered a sophisticated phishing campaign targeting Apple users. The aim of this attack is to steal their Apple ID, credit card data, a government issued ID card, and or passport.

https://www.hackread.com/icloud-phishing-scam-credit-card-camera-access/

 Sabre Corp. Investigating Breach of Reservation System

The Texas-based company disclosed the breach Tuesday in a quarterly 10-Q filing with the Securities and Exchange Commission. According to the filing, attackers may have secured access to payment information contained in a subset of hotel reservations processed through SynXis, the company’s central reservation system. The platform, a cloud-based software as a service (SaaS) solution, allows employees to access room pricing, scheduling, and availability at participating hotels.

https://threatpost.com/sabre-corp-investigating-breach-of-reservation-system/125405/

 ATM security devs rush out patch after boffins deliver knockout blow

“To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection,” said Georgy Zaytsev, a researcher with Positive Technologies. “During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution.

https://www.theregister.co.uk/2017/05/03/atm_security_software_vuln/

 What does a cyber future hold?

China, North Korea, terrorist groups and others have been enhancing their cyber capabilities to support military and other campaigns against perceived enemies. Senior Reporter Bradley Barth also shows in his story, “Extreme Hoarders: Zero-Day Edition,” that with a bevy of nations engaging in spy games, the hoarding of software bugs to leverage in various actions against other countries is an unsurprising but questionable practice for the wider public, technology firms and the governments doing the stockpiling themselves.

https://www.scmagazine.com/what-does-a-cyber-future-hold/article/654810/

 Don’t panic, Florida Man, but a judge just said you have to give phone passcodes to the cops

Defendants Hencha Voigt and Wesley Victor had been accused of using stolen photos and videos to extort payment from SnapChat celeb Julieanna Goddard. Voigt and Victor’s smartphones – an iPhone and a Blackberry – are believed to contain evidence of the extortion plot. Police had sought to force the pair to give them their passcodes, while defense lawyers had claimed giving up the codes would violate Fifth Amendment protections against forced self-incrimination. According to the Miami Herald, the judge ruled in favor of the prosecution with the reasoning that the codes were not equivalent to being forced to testify, but were more like “turning over a key to a safety box.”

https://www.theregister.co.uk/2017/05/03/florida_passcode_unlock_phone_cops/

 Facebook enters war against “information operations,” acknowledges election hijinx

Facebook no longer wants to be a tool for enlisting “useful idiots.” […] “In brief, we have had to expand our security focus… to include more subtle and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people,” Stamos and his team wrote. The white paper is an attempt to bring transparency to how the company is handling organized efforts to exploit Facebook as a vehicle for information warfare.

https://arstechnica.com/information-technology/2017/05/facebook-enters-war-against-information-operations-acknowledges-election-hijinx/

 Hundreds of Apps Using Ultrasonic Signals to Silently Track Smartphone Users

Ultrasonic Cross-Device Tracking is a new technology that some marketers and advertising companies are currently using to track users across multiple devices and have access to more information than ever before for ad targeting. For example, retail stores you visit, a commercial on TV or an advertisement on a web page can emit a unique “ultrasonic audio beacon” that can be picked up by your device’s mobile application containing a receiver.

http://thehackernews.com/2017/05/ultrasonic-tracking-signals-apps.html

 ====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

 

//]]>