IT Security News Blast 6-23-2017

Cybersecurity is hot, and these Washington colleges teach it

In Washington, three community colleges (Whatcom, Highline and Columbia Basin in Pasco), along with the University of Washington and the nonprofit City University of Seattle, are federally recognized centers for cyberdefense education. The recognition comes from the National Security Agency and the Department of Homeland Security. This summer, Western Washington University is building a cyber range, a computer lab that runs on a private computer network reachable through the internet, but isolated from it.

http://www.seattletimes.com/education-lab/cybersecurity-is-hot-and-these-washington-colleges-teach-it/

Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices

The vulnerabilities are not your standard buffer overflows or other known classes of bugs, he says. “This research covers several design-level vulnerabilities,” says Santamarta. “The vulnerabilities are related to the design of these devices and their radio protocols.” And the catch: there’s no fix or patch that can remedy them, he says. “There’s no solution for these issues,” Santamarta says. “You can’t patch them because it’s the way they are designed.”

https://www.darkreading.com/vulnerabilities---threats/nuclear-plants-hospitals-at-risk-of-hacked-radiation-monitoring-devices/d/d-id/1329200

Key Ransomware Prevention Measures in Recent Executive Order

The blog post also stressed that entities need to prepare for the worst-case scenario. There must be a plan for when disaster actually strikes, and preparation should be made in case of a long-term outage. Again noting the WannaCry attack, Weber and Kapelke said that UK hospitals were forced to scramble when their data systems were frozen. Such a plan should take into account the possibility that electric grids, security systems, and anything else that depends on computing power and the internet may be shut down at least temporarily, the duo advised.

https://healthitsecurity.com/news/key-ransomware-prevention-measures-in-recent-executive-order

Election hackers were able to alter voter registration data in 2016: officials

The hackers altered voter registration data in at least one county and accessed confidential databases. The officials declined to say outright whether these hackers were affiliated with Russia. Leaked reports from the National Security Agency (NSA) say that hackers successfully penetrated voting servers in 39 states, but attempts were made on all 50 states’ systems.

http://www.rawstory.com/2017/06/election-hackers-altered-voter-registration-data-and-stole-private-info-officials/

Social Media ‘Bots’ From Russia Distorting Global Politics: Study

“We know that there is a building with hundreds of employees in St. Petersburg with a budget of millions of dollars dedicated to manipulating public opinion” in a number of countries, Howard said at a media presentation. Howard said the Russian style of propaganda involves “seeding multiple, conflicting and contradictory stories.” Woolley said the goal of this effort “is to confuse, it’s not necessarily to sell a fake story. It’s to make people so apathetic about politics and policy in general that they don’t really want to engage anymore.”

http://www.securityweek.com/social-media-bots-russia-distorting-global-politics-study

Two Brits nabbed in connection with global plot to hack Microsoft network

The detectives said they seized “a number of devices” during a raid today. The department did not clarify what information had been accessed by any alleged attacker. Microsoft confirmed to The Register that no customer information has been compromised. “This group is spread around the world and therefore the investigation is being coordinated with our various partners,” Det Sgt Rob Bryant said in a statement. SEROCU is collaborating with partners including Microsoft, the FBI, EUROPOL and the NCA’s National Cyber Crime Unit.

https://www.theregister.co.uk/2017/06/22/two_men_arrested_probe_microsoft_networks_hack/

Vic speed cameras had virus ‘breach’

“I need to find out how the cameras got infected. I need to see if there is a corruption of data or if there is a long-term impact on the system,” Mr Voyage said. “I am confident that there are not any inappropriate infringements issued.” A Justice Department spokesman confirmed the contractor had mistakenly introduced the virus. “There is no evidence that this was the result of a cyber attack. It occurred as a result of human error,” he said.

http://www.news.com.au/national/breaking-news/vic-speed-redlight-cameras-cyber-attack/news-story/16e05d6959e14ea9fc3e06f7a79d2853

Hacked: How Business Is Fighting Back Against the Explosion in Cybercrime

As the number and scale of network attacks grow, the toll on business is rising. The average total cost of a data breach in the U.S. in 2014 was $5.85 million, according to research from IBM and the Ponemon Institute, and this year it’s estimated to be $7.35 million. According to a report earlier this year from business insurer Hiscox, cybercrime cost the global economy more than $450 billion in 2016.

https://fortune.com/2017/06/22/cybersecurity-business-fights-back/

How to protect your digital video evidence from a cyberattack

With the advent of on-officer video cameras, law enforcement agencies are dealing with an explosion of data that needs to be stored, managed, secured and safely shared with criminal justice partners and defense attorneys. This data is a top target for so-called hacktivists, state actors, terrorist organizations, international criminal organizations and others.

https://www.policeone.com/police-products/body-cameras/articles/375309006-How-to-protect-your-digital-video-evidence-from-a-cyberattack/

Cybersecurity Promises And Perils

With the growing concerns about cyberwarfare, cyberterrorism, and hacktivism, several countries are evaluating additional cybersecurity legislation and initiatives in an attempt to protect critical infrastructure and make industries more accountable for strengthening security controls. The recent WannaCry worldwide ransomware attack points out the vulnerability of computers running unsupported, unpatched software and lacking regular clean backups of their data taken before the attack.

https://www.forbes.com/sites/tomcoughlin/2017/06/22/cybersecurity-promises-and-perils/#593209a7a7a9

Partnership aims to protect state’s critical infrastructure from cyber attack

Representatives of governmental entities, the telecommunications industry and electrical utilities met in Sioux Falls, Friday, to discuss cyber security. Officials discussed how best to share resources and information to increase cyber security for some of the critical infrastructure in South Dakota. Speakers at the meeting included cyber security experts and Lt. Gov. Matt Michels.

http://www.kotatv.com/content/news/Partnership-aims-to-protect--429977963.html

Rhode Island bill sees highway surveillance cams ticketing uninsured motorists

Many police departments nationwide are using surveillance cameras tacked onto traffic poles and police vehicles to catch traffic violators and criminal suspects. The proceeds from traffic fines usually are divvied up with contractors. But according to the Rhode Island lawmaker sponsoring this legislation, it’s time to put surveillance cameras to a new purpose: fining uninsured motorists. “It’s no different than a red light camera. It’s just looking for a different violation,” Rep. Robert Jacquard, the bill’s sponsor, told Ars.

https://arstechnica.com/tech-policy/2017/06/rhode-island-bill-sees-highway-surveillance-cams-ticketing-uninsured-motorists/

Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

Like most air-gapped malware techniques we reported on The Hacker News, this hacking tool first infects an Internet-connected computer within the target organization and then installs the Brutal Kangaroo malware on it. […] Now, as soon as a user (an employee of the organisation) inserts a USB stick into the infected computer, Shattered Assurance, a server tool, infects the USB drive with a separate malware called Drifting Deadline (also known as ‘Emotional Simian’ in the latest version).

http://thehackernews.com/2017/06/wikileaks-Brutal-Kangaroo-airgap-malware.html

BlackTech cyberespionage group linked to several campaigns

The group operates against targets in East Asia, focusing on Taiwan and occasionally Japan and Hong Kong, with the goal of stealing technology, according to a June 22 blog post. […] The campaigns continue to leverage new exploit techniques in order to stay relevant, Trend Micro Vice President of Cloud Research Mark Nunnikhoven said. As systems are patched and the campaigns’ effectiveness is impacted, the criminals are moving to more effective techniques in order to continue to be impactful.

https://www.scmagazine.com/blacktech-group-linked-to-several-cyberespionage-campaigns/article/670573/

Microsoft Says Fireball Threat Overblown

Details on Fireball were published June 1 by Check Point, which said the malware was the work of a Chinese digital marketing agency called Rafotech and that it hijacked browsers for the purpose of ad revenue generation. […] While the threat is real, the reported magnitude of its reach might have been overblown, said Hamish O’Dea of the Windows Defender research team. Check Point said today that it has been working with Microsoft since being notified of the new analysis.

https://threatpost.com/microsoft-says-fireball-threat-overblown/126472/

Microsoft PatchGuard flaw could let hackers plant rootkits on x64 Windows 10 boxen

PatchGuard (formally known as Kernel Patch Protection) was developed to prevent Windows users patching the kernel, and by extension make the OS more secure by preventing hackers from running rootkits at the kernel level. CyberArk Labs reckons GhostHook is the first technique that thwarts the defensive technology to bypass PatchGuard and hook a rootkit at the kernel level.

https://www.theregister.co.uk/2017/06/22/ms_patchguard_flaw_rootkit_risk/

25-Year-Old Hacker Pleads Guilty to Hacking U.S. Military Satellite Phone System

Sean Caffrey, a 25-year-old resident of Sutton Coldfield in the West Midlands, has admitted to breaking into a US military communications system in June 2014 and stealing usernames and email addresses of over 800 employees and data from 30,000 satellite phones, the UK’s National Crime Agency announced on Thursday. The UK authorities arrested Caffrey in March 2015 after they traced the hack back to his home IP address, which indicates the hacker did not use any anonymity service, such as a VPN, proxy or Tor, to hide his tracks.

http://thehackernews.com/2017/06/british-hacker-military-system.html

Cisco Patches XXE, DOS, Code Execution Vulnerabilities

One of the issues, an XML External Entity (XXE) vulnerability, exists in versions 1.1 through 3.1.6 of Cisco’s Prime Infrastructure software. The vulnerability is dependent on an admin getting tricked into importing a malicious XML file. By doing so in the web-based user interface, Cisco says, an authenticated, remote attacker could achieve read and write access to data stored in vulnerable systems, or perform remote code execution.

https://threatpost.com/cisco-patches-xxe-dos-code-execution-vulnerabilities/126488/

Explainer: How malware gets inside your apps

It is far more common for malware to be inserted into already existing applications. There are a number of different mechanisms through which criminals achieve this feat:

  • Application republishing
  • Malvertising
  • Application acquisition
  • Infected development tool

https://gcn.com/articles/2017/06/22/malware-explainer.aspx

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.