IT Security News Blast 6-14-2017

Crying wolf: Combatting cybersecurity alert fatigue

On average, 10 vulnerabilities exist per system. In fact, nearly three-quarters of security teams stated they were overwhelmed by the volume of vulnerability maintenance work assigned to them. And, when security teams were queried about contending with threat alerts, an even bigger percentage (79%) said they were overwhelmed by the volume. One issue is that alerting systems, such as security incident and event management (SIEM) systems, often don’t come equipped with the data required for security pros to make informed decisions, the EMA study found.

https://www.scmagazine.com/crying-wolf-combatting-cybersecurity-alert-fatigue/article/667677/

 

Closing the Cybersecurity Skills Gap Through Mergers and Acquisitions

“Human capital has moved ahead of technology when we look at companies,” said Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures. This makes acquiring a cybersecurity provider a viable consideration for larger organizations because it can bring much-needed expertise and facilitate a horizontal expansion that could even become a revenue source.

https://securityintelligence.com/closing-the-cybersecurity-skills-gap-through-mergers-and-acquisitions/

 

Be wary of vendors touting superior data science

As is the case with many tools from antivirus to firewalls, data science is useful and has its place in the overall security ecosystem, but it should be used to inform “decision making as a supplement to rules-based or signature-based detection,” the report said.

“Watson can win at Jeopardy, but if you try to play Family Feud, Watson can’t win. It’s powerful in the right context. “— Stephen Pieraldi

https://www.cso.com.au/article/620413/wary-vendors-touting-superior-data-science/

 

The Intersection of Cybersecurity and Intelligent Automation

Scanlon detailed how, after last year’s government-wide cyber sprint, HHS has established two-factor authentication for all of its users, en route to two-factor for systems administrators and network staff members. He also explained why the need for cyber defense automation is extra important for HHS. Many of the department’s agencies and bureaus are connected directly to the greater health care ecosystem, and health care data is among the most sought-after target of hackers.

https://federalnewsradio.com/sponsored-content/2017/06/the-intersection-of-cybersecurity-and-intelligent-automation/slide/1/

 

Grocery Industry’s Cybersecurity Challenges: Harbinger Of Threats To Corporate America

What makes the grocery industry so susceptible to calamities is that food is a necessity, not a luxury. Threats to food safety have the potential to create panic. If a company is the sole retailer affected, there’s a sobering chance it could lose customers — but perhaps only temporarily. The length of customers’ disaffection all depends on the effectiveness of the company’s response.

https://www.forbes.com/sites/richardlevick/2017/06/13/grocery-industrys-cybersecurity-challenges-harbinger-of-threats-to-corporate-america/#5ed25ad93eb4

 

FIN7 Hitting Restaurants with Fileless Malware

The recent campaign incorporates, “never before seen evasive techniques that allow (malware) to bypass most security solutions,” wrote researchers at Morphisec Lab in a report release on Friday. They said the malware attacks “pose a severe risk to enterprises” because the malware is so hard to detect.” As of Friday, there was a zero detection rate on VirusTotal for the documents used to deliver the malware.

https://threatpost.com/fin7-hitting-restaurants-with-fileless-malware/126213/

 

Five Eyes nations stare menacingly at tech biz and its encryption

The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada with a focus on how to prevent “terrorists and organized criminals” from “operating with impunity ungoverned digital spaces online,” according to Australian prime minister Malcolm Turnbull. In the most forthright call yet from a national leader to break encryption, Turnbull told Parliament: “The privacy of a terrorist can never be more important than public safety – never.”

https://www.theregister.co.uk/2017/06/13/five_eyes_stare_menacingly_at_encryption/

 

Russian cyberattack on US electoral systems more widespread than revealed: report

The Russian hackers hit systems in 39 states in all, Bloomberg reported, citing people with direct knowledge of the U.S investigation into the matter. Evidence shows hackers attempted to delete or alter voter data in Illinois, according to the news outlet. Hackers also accessed a campaign finance database in at least one state. […] “They’re coming after America,” Comey said. “They will be back.” Russian President Vladimir Putin has repeatedly denied any Russian involvement in elections-related hacking.

http://thehill.com/policy/cybersecurity/337538-russian-cyberattack-on-us-electoral-systems-more-widespread-than-reported

 

Government Cyber-security Experts have Insecure Website

[I] clipped to the top of my browser, so you could see the URL and see that I wasn’t fooling around. This is exactly what I got by clicking on the NSA site shown above! Maybe it’s just the NSA that’s screwed up. DHS probably has a better link, since their website was updated less than two months ago. Nope! Same result!

http://www.huffingtonpost.com/entry/government-cyber-security-experts-have-insecure-website_us_593ff7cfe4b0b65670e56df6

 

Is NATO Ready For Cyberwar?

So how is the alliance adapting to meet the challenges of this century? To find out we spoke to Ian Goslin, who is the head of CyberSecurity at defence and aerospace giant Airbus. Prior to this he worked in the Royal Air Force, heading up the technical team that looks after the RAF’s network. In other words, he knows his stuff. Here’s how our Q&A played out.

http://www.gizmodo.co.uk/2017/06/is-nato-ready-for-cyberwar/

 

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover,[3] Wild Positron/Duuzer,[4] and Hangman.[5] DHS has previously released Alert TA14-353A,[6] which contains additional details on the use of a server message block (SMB) worm tool employed by these actors.

http://www.military-technologies.net/2017/06/13/ta17-164a-hidden-cobra-north-koreas-ddos-botnet-infrastructure/

 

Risk of ‘Destructive Cyber Attacks’ Prompts Microsoft to Update XP Again

“Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” said Adrienne Hall, general manager of Microsoft’s Cyber Defense Operations Center.

https://threatpost.com/risk-of-destructive-cyber-attacks-prompts-microsoft-to-update-xp-again/126235/

 

Mazda cars hacked with just a USB

The MZD – All-In-One Tweaks Installer or, MZD-AIO-TI for short, simply allows the user to play with the system’s settings letting them install apps and do all sorts of things to alter the original configuration. However, this was followed on by another enthusiastic car system researcher, Jay Turla, a security engineer at Bugcrowd, who used the former knowledge of the MZD-AIO-TI and other tools to devise a new tool called the Mazda-getInfo.

https://www.hackread.com/mazda-cars-hacked-just-usb/

 

Random numbers will make life difficult for hackers

Whenever we need to communicate in secret, a cryptographic key is needed. For this key to work, it must consist of numbers chosen at random without any structure – just the opposite of using the birthdate of our favorite pet. But, for a human, it is extremely difficult to choose without creating any bias, even by hitting the keyboard chaotically. To solve this problem, researchers have developed a new random numbers generator based on the principles of quantum physics.

http://www.homelandsecuritynewswire.com/dr20170614-random-numbers-will-make-life-difficult-for-hackers

 

Xavier Malware Infects Hundreds of Android Apps on Google Play Store

The IT security researchers at Trend Mirco have discovered that over 800 Android apps on Google Play store contain a malware called Xavier that is silently stealing personal and financial data of users. The infected apps belong to categories like photo manipulators, utilities, ringtone chargers, anti-virus, volume booster, speed booster, video converter, call recorder, and wallpaper apps downloaded millions of times by users around the world.

https://www.hackread.com/xavier-malware-infects-android-app-on-google-play-store/

 

Discredit a journo? Easy, that’ll be $55k. Fix an election? Oh, I can do that for just $400k

he techniques and methods used to spread fake news and manipulate public opinion have a wide range of objectives and even a price list. Cybercriminals produce, market and monetise fake news in underground markets. The scope of a campaign and intended target affect pricing. For example, campaigns aimed to spark street protests are priced at $200,000 while discrediting a journalist would cost $55,000 and creating a fake celebrity (with 300,000 followers) costs a more modest $2,600. A year-long campaign to influence election outcomes is available for just $400,000, the study says.

https://www.theregister.co.uk/2017/06/13/cybercrime_fake_news_as_a_service/

 

MacSpy: free malware-as-a-service hits Mac OS

Dubbed, MacSpy, AlienVault researchers spotted one of the first seen malware-as-a-service (MaaS) designed for the OSX platform, according to a June 9 blog post. At the low price of free, the malware packs quite a bang for the buck with a list of features that claim to offer no digital trace of the threat actor, screen capture, key logging, iCloud syncing, be invisible to the victim, continuous voice recording, pasteboard, and browser data retrieval services.

https://www.scmagazine.com/researchers-spot-mac-malware-as-a-service-dubbed-macspy/article/667978/

 

Bringing transparency to cell phone surveillance

Modern cell phones are vulnerable to attacks from rogue cellular transmitters called IMSI-catchers — surveillance devices that can precisely locate mobile phones, eavesdrop on conversations or send spam. Security researchers have developed a new system called SeaGlass to detect anomalies in the cellular landscape that can indicate where and when these surveillance devices are being used.

http://www.homelandsecuritynewswire.com/dr20170614-bringing-transparency-to-cell-phone-surveillance

 

Cybersecurity and Teaching The Machine

While teaching the machine is not a formal term that I am aware of, what I mean by that is the process that people — data scientists — go through to convert their expertise of detecting anomalies in patterns of data to something that machines understand and learn. It’s a process by which machines learn how to detect these cybersecurity patterns on their own. And although a data scientist is not typically a subject matter expert on teaching cybersecurity, that person can be a great resource to convert human interpretations to computer algorithms.

http://www.securityweek.com/cybersecurity-and-teaching-machine

 

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money

“They’re taking advantage of the fact that there’s no filtering or approval process for ads, and that ads look almost indistinguishable from real results, and some ads take up the entire search result’s first page,” Lin wrote in his lengthy Medium post. “I dug deeper to find that unfortunately, these aren’t isolated incidents, they’re fairly common in the app store’s top grossing lists. And this isn’t just happening with security related keywords. It seems like scammers are bidding on many other keywords.”

http://thehackernews.com/2017/06/apple-subscription-scam.html

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.