IT Security News Blast 6-6-2017

Healthcare Cybersecurity Task Force Finds 6 Imperative Areas

  • Define and streamline leadership, governance, and expectations for healthcare industry cybersecurity
  • Increase the security and resilience of medical devices and health IT
  • Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities
  • Increase healthcare industry readiness through improved cybersecurity awareness and education
  • Identify mechanisms to protect R&D efforts and intellectual property from attacks or exposure
  • Improve information sharing of industry threats, risks, and mitigations

http://healthitsecurity.com/news/healthcare-cybersecurity-task-force-finds-6-imperative-areas

Liability losses tough to calculate

Setting loss reserves for the liability side of cyber claims is its most challenging aspect, say experts. “When you talk reserves for cyber, you almost have to look at it in two categories” […] The first is how you would reserve for first-party exposures, including notification and data restoration. The “more challenging is the liability side,” he said. “You may not know the full nature and extent of the breach. That’s the issue, I think, that gets refined over time, but from the outset you may not have the full understanding of how bad it may or may not be.”

http://www.businessinsurance.com/article/20170605/NEWS06/912313740/Cyber-liability-loss-reserves-tough-to-calculate

Who’s to blame for that cyberattack? Here’s why nobody’s really sure

“Even with copious amounts of data, it is incredibly difficult to find that one smoking gun,” she said. Russian security firm Kaspersky has too noted that the use of open source and readily available tools has in part made detection and attribution “almost impossible.” […] Simply put: If the hacker or attacker is sloppy, it can be easier to pin the blame — and strike back.

http://www.zdnet.com/article/nation-state-hacker-or-script-kiddie-why-is-pointing-blame-so-difficult/

Mental Health Data Security Critical in HIPAA Compliance

Without proper mental health data security, organizations could suffer a data breach and put sensitive information at risk. How does mental health data security differ from regular PHI security? Are providers able to share information with family members and caregivers? What information are providers permitted to disclose to law enforcement, and for which situations is this allowed?

http://healthitsecurity.com/features/mental-health-data-security-critical-in-hipaa-compliance

QakBot Returns, Locking Out Active Directory Accounts

The latest iteration of the malware has been spreading through endpoints via a dropper that waits 10 to 15 minutes to execute in hopes of evading detection from sandboxes or anti-virus systems. The dropper opens an executable, injects a .DLL, and overwrites the original file. From there the dropper downloads the QakBot’s payload. The malware has exhibited worm-like tendencies in the past, such as being able to self-replicate via shared drives and removable media.

https://threatpost.com/qakbot-returns-locking-out-active-directory-accounts/126071/

May wants Britain to follow European lead emphasizing cybersecurity

While May condemned what she called the “evil ideology of Islamist extremism,” the thrust of her new counterterrorism demands focused on a far more technical matter: the Internet. “We cannot allow this ideology the safe space it needs to breed,” May said Sunday, speaking outside 10 Downing Street. “Yet that is precisely what the Internet — and the big companies that provide Internet-based services — provide.”

https://www.washingtonpost.com/world/europe/may-wants-britain-to-follow-european-lead-emphasizing-cyber-security/2017/06/04/6eadd484-493a-11e7-987c-42ab5745db2e_story.html

Tech firms: We’re trying to make our sites hostile to terrorists

In the aftermath of the London attack, Facebook, Google, and Twitter have insisted that they already work closely with the UK government to flush out the sharing of extremist content—as fresh calls to crack down on the Internet and end-to-end crypto once again surfaced following a terror atrocity. […] Chief among those vows that are likely to worry tech firms, some of which offer services that come loaded with end-to-end encryption, was the PM’s call for the regulation of “cyberspace to prevent the spread of extremist terrorism planning.”

https://arstechnica.com/tech-policy/2017/06/london-attack-internet-regulation-facebook-twitter-google/

What can DoD, civilian cyber efforts learn from the Coast Guard approach to maritime security?

“A cyber analog to the Coast Guard could be a powerful tool for addressing gaps that impede our existing organizational structure. It could also serve as a much-needed cyber first response team responsible for immediate triage and handoff to the appropriate federal entity for further response, remediation, or law enforcement action.”

https://federalnewsradio.com/reporters-notebook-jason-miller/2017/06/what-can-dod-civilian-cyber-efforts-learn-from-the-coast-guard-approach-to-maritime-security/

The Supreme Court Will Decide Whether Police Need a Warrant for Sensitive Cell Phone Data

New technologies, and their ballooning capacities to collect data about the people who use them, bring enormous conveniences to both regular users and law enforcement agencies that leverage them to solve crimes. But the fact that our whereabouts, habits, and associations often leave a digital trail doesn’t nullify the Constitution’s guarantee of freedom from unreasonable government searches. The Supreme Court will now have a historic opportunity to help ensure that the data we leave behind when using essential digital devices are protected consistent with our founding principles.

https://www.aclu.org/blog/speak-freely/supreme-court-will-decide-whether-police-need-warrant-sensitive-cell-phone-data

Congressman: Russian operatives hacked Illinois elections board

Democratic U.S. Rep. Mike Quigley said Monday that Russian operatives hacked into the State Board of Elections last year to view voter database files, a potential move toward trying to make voters distrust the state and federal election system. […] Quigley’s declaration of Russian involvement in the hacking of the state elections board marked the first time the country had been definitively identified as behind the attack last year, though it had been widely suspected.

http://www.chicagotribune.com/news/local/politics/ct-mike-quigley-russian-hackers-met-0606-20170605-story.html

Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/

40,000 Subdomains Tied to RIG Exploit Kit Shut Down

Most of the subdomains used GoDaddy as the primary domain registrar. GoDaddy, in conjunction with research done by RSA Security and a handful of other security companies and independent researchers, was able to shut down the subdomains in May along with hundreds of IP addresses used as malware landing pages. The technique of creating subdomains with stolen credentials is known as domain shadowing.

https://threatpost.com/40000-subdomains-tied-to-rig-exploit-kit-shut-down/126072/

Europe’s looming data protection rules look swell – for IT security peddlers. Ker-ching!

The rush to comply with Europe’s upcoming General Data Protection Regulation will balloon the continent’s IT security budgets to $11.5bn in 2018, analyst group Canalys reckons. That’s a 16 per cent year on year increase, apparently. For what it’s worth, IDC thinks Europe will spend $19bn on IT security this year, and more next year. Whichever figure you prefer, both analyst houses are anticipating fatter infosec invoices as the decade closes out.

https://www.theregister.co.uk/2017/06/05/gdpr_security_spending_forecast_canalys/

Top Tips on How to Land a Well-Paid Job in Cyber Security

The cyber security industry is well thought of with the huge advancement of online technology and web development, and it means there are thousands of jobs available for people just like you that are interested in a well-paid technology-based career. If you’re looking to land a job in the cyber security industry but you’re not sure how to go about it, have a look at some of the top tips below that will help you on your way.

https://www.hackread.com/top-tips-on-how-to-land-a-well-paid-job-in-cyber-security/

Google Offers $200,000 for TrustZone, Verified Boot Exploits

Because no researcher claimed the top rewards in two years, the company decided to make changes to all vulnerability reports filed after June 1, 2017 and stir researchers’ interest by significantly increasing the top-line payouts for exploit chains that could claim them. Thus, the rewards for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise were increased from $50,000 to $200,000, while those for a remote kernel exploit went from $30,000 to $150,000.

http://www.securityweek.com/google-offers-200000-trustzone-verified-boot-exploits

New Method Used to Deliver Malware via PowerPoint Files

However, researchers recently spotted several malicious PowerPoint files that use mouseover events to execute PowerShell code. These files, named “order.ppsx” or “invoice.ppsx,” have been distributed via spam emails with subject lines such as “Purchase Order #130527” and “Confirmation.” […] If the user hovers the mouse over the link – even without clicking it – the execution of PowerShell code is triggered.

http://www.securityweek.com/new-method-used-deliver-malware-powerpoint-files

53 Percent of Enterprise Flash Installs are Outdated

Flash represented the most troubling aspect of endpoint security. Not only are the majority of users running outdated Flash, but Duo found 21 percent of endpoints are running version 24.0.0.194 of Flash, which has nearly a dozen listed critical vulnerabilities identified in February 2017. Some of the most vulnerable industries running outdated versions of Flash were real estate, telecommunication and recruiting.

https://threatpost.com/53-percent-of-enterprise-flash-installs-are-outdated/126069/

Goodness gracious, great Chinese ‘Fireball’ malware infects 250m systems worldwide

Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but can just as easily turn into a prominent distributor for any additional malware. In its adware mode, Fireball hijacks and manipulates infected users’ web traffic to generate ad revenue. Fireball spreads mostly via “bundling”, which means it is installed alongside a program the user wants to download, but without their consent. The biggest proportion of infections are in India, Brazil and Mexico, but there are over 5.5 million instances of the nasty in the US.

https://www.theregister.co.uk/2017/06/02/fireball_adware_menace/

48% of U.S. Firms Using IoT Devices Suffered Security Breaches – Survey

A survey conducted by Altman Vilandrie & Company, a strategy consulting group based in the United States, studied how many firms have been subject to a security breach and what it cost them. The results showed that as many as 48% of the 400 IT executives surveyed said that a security breach had hit them and that the total cost of the breaches came up to be 13% of the total revenues for smaller firms.

https://www.hackread.com/researchers-reveal-48-of-us-firms-have-experienced-iot-hacks/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.