IT Security News Blast 6-19-2017

Cybersecurity for healthcare a “public health concern,” task force says

A federal task force called healthcare cybersecurity a public health concern that needs immediate and aggressive attention, and said increased digital connectivity places a greater responsibility on healthcare organizations to secure their equipment and patient data. […] Threats to cybersecurity for healthcare facilities range from technical exploits such as ransomware to insider threats such as employee negligence. Both types of threats can potentially expose patient data and leave it susceptible to fraud and identity theft.

http://searchhealthit.techtarget.com/blog/Health-IT-Pulse/Cybersecurity-for-healthcare-a-public-health-concern-task-force-says

Pros and Cons of Potential ‘Wall of Shame’ Changes

Is it time for the Department of Health and Human Services to change the so-called “wall of shame” website used to report large health data breaches as mandated under the HITECH Act? And if so, what should be changed? […] But many privacy and security experts are not convinced that the website should be dramatically altered. Some suggest tweaks, such as limiting the length of time breaches are listed. Others like the site as it is, saying it provides valuable insights into security mistakes other healthcare entities should avoid.

http://www.careersinfosecurity.com/pros-cons-potential-wall-shame-changes-a-10001

Treasury calls on financial regulators to coordinate cybersecurity oversight

In an earlier interview, he said the firm answers to four regulators on cybersecurity: the Securities and Exchange Commission, the Financial Industry Regulatory Authority Inc., the Office of the Comptroller of the Currency, and the Federal Reserve. “They don’t communicate with each other, they don’t coordinate with each other, they don’t consolidate with each other,” Mr. Brown said. “Each comes in and does their exam, which could take two months.”

http://www.investmentnews.com/article/20170614/FREE/170619973/treasury-calls-on-financial-regulators-to-coordinate-cybersecurity

Georgia special election disruption concerns rise after 6.7M records leaked

[The] state has continuously ignored efforts to patch the vulnerabilities of Georgia’s special election between Democratic candidate Jon Ossoff against Republican former Secretary of State Karen Handel, according to Politico. […] There is a good chance the network was compromised and there is a good chance the network is currently compromised, FFRI CEO Pablo Garcia told SC Media. And most likely still vulnerable to attack.

https://www.scmagazine.com/researchers-fear-georgia-special-election-still-vulnerable/article/668925/

After 2016 election hacking, Illinois politicians pose cybersecurity questions to local officials

The letter from Durbin and Hastings to county clerks across Illinois lauds the State and Local Cyber Protection Act of 2017, a Senate bill that aims to increase cybersecurity cooperation between the Department of Homeland Security and state and local governments which vary widely in their ability, resources and expertise to deal with the rising tide of cybersecurity threats.

https://www.cyberscoop.com/after-2016-election-hacking-illinois-will-assess-election-system-cybersecurity/

Fighting cybercrime: A dilemma

Some elements of the federal government are so focused on hunting down information against a few horrendous criminals that they don’t seem to realize they’re doing it at the expense of our right to privacy and online protection. We can appreciate their dedication in these noble causes. But the fact remains that the internet has become a host to more and more personal information ever since Steve Jobs introduced the first iPhone.

http://triblive.com/opinion/featuredcommentary/12268629-74/fighting-cybercrime-a-dilemma

Backdoors, encryption and internet surveillance: Which way now?

“We cannot allow this ideology the safe space it needs to breed — yet that is precisely what the internet, and the big companies that provide internet-based services provide,” said Prime Minister Theresa May, following the recent terrorist attacks in Manchester and London. “We need to work with allied democratic governments to reach international agreements to regulate cyberspace to prevent the spread of extremist and terrorism planning,” May added.

http://www.zdnet.com/article/backdoors-encryption-and-internet-surveillance-which-way-now/

Facebook built an AI system that learned to lie to get what it wants

Here’s how the bot works: After it sees what each item is worth, it begins generating a statement listing its demands, one word at a time. For instance, the bot would say, I’d like all the books, because the books are worth more points to it than hats or basketballs. Based on how the neural network has seen humans negotiate in the past, it comes up with a combination of words in a particular order that should return the greatest reward.

https://qz.com/1004070/facebook-fb-built-an-ai-system-that-learned-to-lie-to-get-what-it-wants/

Fake news services and tools proliferate on online markets

Fake news can take the form of news based on inaccurate facts or based on accurate facts but twisted to favor a particular view or side. The addition of social media into the mix makes it so that this type of news becomes more credible through the simple fact that legitimate users (or what seem to be legitimate users) share it with their contacts.

https://www.helpnetsecurity.com/2017/06/15/fake-news-services-tools/

Erosion of ISP Privacy Rules Sparks New Anti-Snooping Efforts

Twenty-two states have drafted their own ISP privacy rules, and in March, Rep. Marsha Blackburn (R-Tenn.) proposed mandates on the federal side. But, in the wake of an unclear privacy road ahead, consumers are increasingly taking privacy protections into their own hands and turning to VPN services. According to companies offering VPN services, the once sleepy consumer VPN market is on fire.

https://threatpost.com/erosion-of-isp-privacy-rules-sparks-new-anti-snooping-efforts/126300/

Disruptive Ransomware Group FIN10 Hacked Casinos, Mining Firms

Sensitive data and information were stolen: As part of the campaign, FIN10 has apparently hacked into the networks of different mining companies and casinos in Canada and has stolen critical information with regards to customers’ habits and other system-level data. According to the firm’s research (PDF), FIN10 has been on the loose since 2013 and had gone undetected till 2016. It is only now that the attacks have been linked to the group. However, the identity and location of the perpetrators remain to be unknown.

https://www.hackread.com/disruptive-ransomware-group-fin10-hacked-casinos-mining-firms/

CIA has been hacking into Wi-Fi routers for years, leaked documents show

Routers remain a prime target for intelligence agencies and hackers alike because of they act as a central port of call for an entire network. What makes routers such an attractive target is that they are more often than not riddled with security flaws that make exploitation easy. According to one 2010-dated document, the CIA had by mid-2012 developed implants “for roughly 25 different devices from 10 different manufacturers,” including Asus, Belkin, D-Link, Linksys, and Netgear.

http://www.zdnet.com/article/cia-has-been-hacking-into-wi-fi-routers-for-years-leaked-documents-show/

Banking websites are ‘littered with trackers’ ogling your credit risk

A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers’ creditworthiness. Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit. Online privacy firm eBlocker reports that PNC Bank has roughly 33 trackers, making it the biggest snoop.

https://www.theregister.co.uk/2017/06/15/bank_tracker_risk/?mt=1497806613040

Plugging the gap: Why are fewer women getting into cybersecurity?

It is hard to fathom why the number of women in cyber-security is not increasing. Globally, only 10 percent of the world’s cyber-security professionals are female. In Europe, this figure declines to just 7 percent of the cyber-security workforce and in the UK, only 8 percent. […] Many women who spoke to SC think programmes such as these do not tackle the whole issue.  The cyber-security industry is broad, they say, and there are a range of jobs that go beyond just technical skills.

https://www.scmagazineuk.com/plugging-the-gap-why-are-fewer-women-getting-into-cybersecurity/article/669025/

The Girl Scouts are adding a cybersecurity badge

The organization announced this week the first of 18 new badges debuting in the fall of 2018. The Girl Scouts, founded in 1912, have long received badges when they mastered certain topics or skills.  […] The focus for younger Girl Scouts will include data privacy, cyberbullying and protecting themselves online. Older members will learn how to code, become white hat (or ethical) hackers and create and work around firewalls, Acevedo said.

http://money.cnn.com/2017/06/16/technology/business/girl-scouts-cybersecurity-badges/index.html

What it takes to be a malware analyst

Cybersecurity incidents are on the rise around the world, with prominent recent examples including the worldwide WannaCry ransomware attack, and the need for experienced malware experts is outstripping the available supply of talent, says Domini Clark, principal at Blackmere Consulting, a recruiter of information security professionals.

http://www.csoonline.com/article/3200809/it-careers/what-it-takes-to-be-a-malware-analyst.html

Australian Politician Calls for Bitcoin Scrutiny in Fight Against Terrorism

The comments are the latest sign out of Australia that the government is beefing up its efforts to regulate and control encryption services. Earlier this month, both Prime Minister Malcolm Turnbull and attorney general George Brandis went public with their belief that the pervasive use of encryption is proving problematic for law enforcement.

http://www.coindesk.com/australian-politician-calls-bitcoin-scrutiny-fight-terrorism/

Major Bitcoin Exchanges Become Main Targets of Cyberattacks

Whether by accident or not, these attacks happened at the same time that investors’ interest in digital currencies has also gone through the roof. Cryptocurrencies are being rapidly adopted by multiple countries, institutions, services and agencies. Fundraising through ICOs is also reaching record heights, and people are starting to wonder if the cryptocurrency industry can handle that much attention all at once.

https://themerkle.com/major-bitcoin-exchanges-become-main-targets-of-cyberattacks/

Cyberattack Threats To Canadian Elections Increasing, Spy Agency Warns

Canada’s electronic spy agency issued a stark warning Friday that online attempts to influence or undermine the country’s electoral process are on the increase and steps must be taken to counter the efforts. Foreign Affairs Minister Chrystia Freeland calls it a serious threat to Canadian democracy  one the government, the public and the media alike must join forces to combat.

http://www.huffingtonpost.ca/2017/06/16/canadian-election-cyberattack-threats_n_17159384.html

Virginia Cyber Range serves up statewide hands-on education

The Virginia Cyber Range also provides training for faculty and features courseware addressing digital forensics, network defense, securing the critical infrastructure and the internet of things, malware detection, usability and privacy issues as well as secure coding practices.  The cloud platform allows participating schools and agencies to easily access the materials and offers scalability and responsiveness, while minimizing costs.

https://gcn.com/articles/2017/06/15/virginia-cyber-range.aspx

Hackers can exploit E-Cigarettes to hack computers

Security researcher Ross Bevington (@FourOctets on Twitter) had a presentation at BSides London that showcased an e-cigarette attacking a computer by tricking it to believe that it was a keyboard. It was also able to hack the computer by interfering with its network traffic. […] To avoid such risks, it is advised to disable data pins on the USB and keep only cable charge to prevent any information exchange between the devices it connects. Alternatively, use a USB Condom, a gadget that connects to USB and makes data pins ineffective.

https://www.hackread.com/hackers-can-use-e-cigarettes-to-hack-computers/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.