IT Security News Blast 6-9-2017

Healthcare Hacking Leading Cause for 2017 Incidents

Cybersecurity issues continue to plague the healthcare industry, so it should come as no surprise that healthcare hacking and IT incidents account for the majority of large-scale incidents in 2017. […] These reported incidents are all in the OCR data breach reporting tool, which does not necessarily account for all security incidents that have taken place so far in 2017. For example, the WannaCry ransomware attack from May 2017 affected numerous countries, with reports of US medical devices potentially being affected.

http://healthitsecurity.com/news/healthcare-hacking-leading-cause-for-2017-incidents

IP Security Cameras Vulnerable to Hostile Takeovers

Up to 18 different vulnerabilities were documented by the researchers, the first of which were reported several months ago. However, the company has yet to fix any of them. The brand that has all of these flaws is called Opticam i5 HD, while some flaws were found on the model marked Foscam C2. According to the report [PDF], it’s possible that other models developed by the same manufacturer may carry similar flaws.

https://www.hackread.com/security-cameras-vulnerable-to-hostile-takeovers/

Authentication Bypass, Potential Backdoors Plague Old WiMAX Routers

According to Viehböck, an attacker can set arbitrary configuration values by sending a crafted POST request to the router’s commit2.cgi uniform resource identifier (URI) without authentication. In a proof of concept also published Wednesday, the researcher explains how he could use an HTTP request to set the admin username and password to admin, and therefore log into the device with admin permissions.

https://threatpost.com/authentication-bypass-potential-backdoors-plague-old-wimax-routers/126135/

Al Jazeera Says It’s Under a Massive ‘Cyber Attack’

Anonymous US officials told CNN that the FBI believes Russian hackers are behind the hack, although that does not necessarily mean that the Russian government itself was involved. According to sources who spoke to Motherboard, the hack of QNA itself was not technically sophisticated. As part of the continued diplomatic fallout, citizens of the United Arab Emirates can now be jailed for 15 years for ‘liking’ Qatar on social media.

https://motherboard.vice.com/en_us/article/al-jazeera-massive-cyber-attack

Russian government hackers planted false news story which caused Gulf crisis: U.S. intelligence

U.S. intelligence officials say Russian government hackers planted a false news story into the text prepared for release by the official Qatari news agency. The release of the Russian-manufactured story by the official Qatari news agency prompted Saudi Arabia and several of its regional allies to suspend diplomatic relations with Qatar and impose economic sanctions on it. U.S. officials say the Russian goal appears to be to cause rifts among the U.S. and its allies.

http://www.homelandsecuritynewswire.com/dr20170607-russian-government-hackers-planted-false-news-story-which-caused-gulf-crisis-u-s-intelligence

Congressman proposes bill to strengthen U.S. and NATO cyber abilities against Russia

The “Enhanced Partner Cyber Capabilities Act” would direct the President to specifically develop offensive cyber capability strategies and information and method sharing with our NATO allies. The act calls for the Department of Defense to update its cyber strategy, draft a strategy for offensive cyber capabilities, and authorize international cooperation by helping NATO partners improve their cyber capabilities. The bill states that Russian President Vladimir Putin’s regime is actively working to erode the democratic systems of NATO member states, including the U.S.

https://www.scmagazine.com/rep-lou-correa-introduced-bill-to-protect-us-and-nato-allies-from-russian-cyberattacks/article/667395/

I Bought a Report on Everything Known About Me Online

If you like percentages, nearly 50 percent of the data in the report about me was incorrect. Even the ZIP code listed does not match that of my permanent address in the U.S.; it shows instead the ZIP code of an apartment where I lived several years ago. Many data points were so out of date as to be useless for marketing or nefarious purposes: My occupation is listed as student; my net worth does not take into account my really rather impressive student loan debt.

http://www.nextgov.com/big-data/2017/06/i-bought-report-everything-s-known-about-me-online/138454/

Quantum-Secured Blockchain Technology Tested in Moscow

Brute force attacks are difficult for classical computers but will be easy for the next generation of quantum computers. The vast number-crunching power of these devices means that as soon as they are available, cryptocurrencies will suddenly be more vulnerable to attack. So a way of securing blockchain technology against quantum attack would be hugely useful. Enter Evgeny Kiktenko at the Russian Quantum Center in Moscow and a few pals who have designed, built, and tested a quantum blockchain system in which the security is guaranteed by quantum mechanics.

https://www.technologyreview.com/s/608041/first-quantum-secured-blockchain-technology-tested-in-moscow/

2.1.1 20170607 LSA update

@gentilkiwi gentilkiwi released this 2 days ago · 1 commit to master since this release

[enhancement] lsadump::lsa /inject new injected code to get password history (if any)

[new] lsadump::setnetlm (thanks to Vincent LE TOUX for the idea!), to set an arbitrary NTLM hash for a user

[new] net::share to enumerate remote shares on a server

[new] net::serverinfo to grab remote server information

https://github.com/gentilkiwi/mimikatz/releases

Motorola Moto G4, G5 Vulnerable to Local Root Shell Attacks

The two affected Motorola models are the Moto G4 and Moto G5. The warnings come from Aleph Research, which said it found the vulnerability on up-to-date handsets running the latest Motorola Android bootloader. “Exploiting the vulnerability allows the adversary to gain an unrestricted root shell (and more!),” wrote Roee Hay, manager of Aleph Research. He said vulnerable versions of the Motorola Android bootloader allow for a kernel command-line injection attack.

https://threatpost.com/motorola-moto-g4-g5-vulnerable-to-local-root-shell-attacks/126155/

Canada to use armed drones, cyberattacks to respond to global security threats

Some of Canada’s military operations will include government-sanctioned cyberattacks and drone strikes on foreign threats, and an increased role for special forces in overseas missions. The review says this new, elite and futuristic approach to war fighting will respect domestic and international laws. However, the very nature of the cloak of secrecy that envelops almost all of Canada’s special forces, as well as the active expansion of fighting in cyberspace will likely raise questions about transparency and civil liberties.

http://globalnews.ca/news/3509658/canada-military-armed-drones-cyberattack/

Former DoD official: U.S. ‘more and more vulnerable’ to cyberattacks

“I don’t see the vulnerability of U.S. critical infrastructure peaking,” Miller told an audience at the Brookings Institution. “I see it going up and up and up.” The vulnerabilities that potentially affect the military, not only in Pentagon systems themselves but also in civilian ones like the power grid that the troops rely on, are getting so severe that Miller and his colleagues on the Defense Science Board believe U.S. security is at risk.

https://www.cyberscoop.com/former-dod-official-u-s-vulnerable-cyberattacks/

Don’t like Mondays? Neither do attackers

Malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, Proofpoint said in its Human Factor Report, which analyzed malicious email traffic in 2016. Wednesdays were the second highest days for malicious emails, followed by Mondays, Tuesdays and Fridays. Weekends tend to be low-volume days for email-borne threats, but that doesn’t mean there aren’t any.

http://www.csoonline.com/article/3199997/phishing/don-t-like-mondays-neither-do-attackers.html

5 Key Takeaways from ISACA’s Cybersecurity Report

  1. Dwindling resources
  2. Budget growth is slowing
  3. The threat environment is more hostile than ever
  4. The internet of things is the largest area of concern
  5. Ransomware is expanding

http://associationsnow.com/2017/06/5-key-takeaways-isacas-cybersecurity-report/

Sneaky hackers use Intel management tools to bypass Windows firewall

The group, which Microsoft has named PLATINUM, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines. PLATINUM’s technique leverages Intel’s Active Management Technology (AMT) to do an end-run around the built-in Windows firewall. The AMT firmware runs at a low level, below the operating system, and it has access to not just the processor, but also the network interface.

https://arstechnica.com/security/2017/06/sneaky-hackers-use-intel-management-tools-to-bypass-windows-firewall/

Ex-NSA bod sues US govt for ‘illegally spying’ on Americans: We drill into ‘explosive’ ‘lawsuit’

In an extraordinary and expansive lawsuit, former CIA and NSA contractor Dennis Montgomery has teamed up with the lawyer who brought down the NSA’s mass surveillance operation – Larry Klayman – to sue all the US intelligence services and their former and current heads personally, as well as former president Barack Obama, for illegal surveillance. The complaint, filed earlier this week in Washington, DC, makes a wide range of allegations including the fact that the intelligence services are carrying out illegal and unconstitutional surveillance of millions of Americans, including the chief justice of the Supreme Court, hundreds of judges and businessmen, Donald J. Trump – and the two litigants themselves.

https://www.theregister.co.uk/2017/06/08/nsa_fbi_comey_sued_spying/

Bitcoin, Litecoin Exchange BTC-E Suffers Massive DDoS Attacks

The attacks started on 5th June when a Tweet came from the official Twitter account of BTC-E informing its customers that “Due to the increased load on the Bitcoin network may increase the time to confirm the transaction.” Later, on 6th June, a Tweet revealed that the platform was under DDoS attack, but no further information was disclosed to the customers. According to CoinTelegraph, so far there hasn’t been any news on whether the problem has been resolved, nor is there any follow-up Tweet.

https://www.hackread.com/bitcoin-litecoin-exchange-suffer-ddos-attacks/

Malicious Android app installs ‘impossible to remove’ adware

Once the app is downloaded, the user is presented with a message saying that the phone has a security loophole which puts the user’s account and personal information at risk. In the end, the only option present is the “Ok” button. Given that the user has no other choice and believes it to be a legitimate security update from Google, the user taps the “Ok” button, upon which another APK, dubbed “Update,” is downloaded.

https://www.hackread.com/malicious-android-app-installs-impossible-to-remove-adware/

VMware Patches Critical Vulnerabilities in vSphere Data Protection

vSphere Data Protection is a backup solution for use in vSphere environments, and is usually run in tandem with VMware’s vCenter Server and vSphere Web Client. According to a security advisory published Tuesday, the product suffers from a Java deserialization issue that could let a remote attacker execute commands. Tim Roberts, Arthur Chilipweli, and Kelly Correll, security consultants at NTT Security, uncovered the vulnerability, according to the advisory.

https://threatpost.com/vmware-patches-critical-vulnerabilities-in-vsphere-data-protection/126150/

New tool spots fake online profiles

People who use fake profiles online could be more easily identified, thanks to a new tool developed by computer scientists. Researchers have trained computer models to spot social media users who make up information about themselves — known as catfishes. The system is designed to identify users who are dishonest about their age or gender. Scientists believe it could have potential benefits for helping to ensure the safety of social networks.

http://www.homelandsecuritynewswire.com/dr20170608-new-tool-spots-fake-online-profiles

Mouse hovering malware delivery scheme spotted, called potentially very dangerous

When the presentation is opened, the target sees a “Loading….Please Wait” message. As with many hyperlinks, this appears blue. When the victim follows their natural inclination to hover their cursor over the “hyperlink” to check where it links, the document executes a PowerShell command. “When that PowerShell is executed it reaches out to the domain ‘cccn.nl’ for a c.php file and downloads it to disk as a file named ‘ii.jse’ in the temp folder,” Dodgethissecurity wrote. But, the report added, even after waiting eight hours no cybercriminal connected to the system.

https://www.scmagazine.com/mouse-hovering-malware-delivery-scheme-spotted-called-potentially-very-dangerous/article/667379/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
