IT Security News Blast 7-18-2017

Cyber Threats Becoming Plague for Financial Professionals [Registration]

These cyber concerns are not without merit, as 64 percent of respondents reported that either their organization or one of their clients was involved in a cybersecurity event in the past year. The most commonly cited incidents were business email compromise (20 percent); account takeover (19 percent); and data breach (15 percent).

http://www.cpapracticeadvisor.com/news/12351747/cyber-threats-becoming-plague-for-financial-professionals

 Getting ready for SEC cyber-security tests

Governments will eventually regulate industry to solve ongoing problems, and the investment industry is no exception. As cyber-risks increasingly threaten corporate finance, the Securities and Exchange Commission is tightening controls to ensure that registered investment advisers and funds comply. Here’s what’s happening and what you must do about it.

https://www.complianceweek.com/news/news-article/getting-ready-for-sec-cyber-security-tests

 Report: Cyber-attacks could cost us more than hurricanes

WannaCry cost the world billions – and worse, it revealed that not only are we vulnerable, but those weaknesses can be exploited for money by criminals with little-to-no computer or hacking skill. The financial implications are staggering and this is just the beginning. Predicting the impact of a disaster isn’t an exact science. Furthermore, Lloyd’s reports, it’s a problem that is growing[.]

https://thenextweb.com/finance/2017/07/17/report-cyber-attacks-cost-us-hurricanes/#.tnw_sMYIV9gb

 FedEx says cyber attack to hurt full-year results

Package delivery company FedEx Corp (FDX.N) said a disruption in services in its TNT Express unit following a cyber attack last month would hurt its full-year results. FedEx’s shares fell as much as 3.4 percent to $211.53 in early trading as the company said the financial impact of the disruption on its results was likely to be “material”. The Netherlands-based TNT Express is still experiencing widespread service delays following the attack, caused by the Petya cyber virus that spread through a Ukrainian tax software product, FedEx said.

https://www.reuters.com/article/us-cyber-attack-fedex-idUSKBN1A21D7

 Fake WhatsApp Subscription Email Stealing Banking Data

Indeed, scammers did not leave out such a simple way to have users duped. As such, the London police, specifically, the Action Fraud unit, which is the department that deals with cyber crime, recently discovered a campaign where spammers send emails to victims, notifying that their WhatsApp subscription is about to end. […] However, the emails have been asking the users to provide their banking details in order to pay for the subscriptions. This is where the scam relies on stealing a victim’s bank details. The email has a link to a customer portal where the victim is tricked into entering his/her details.

https://www.hackread.com/fake-whatsapp-subscription-email-stealing-banking-data/

 Fintech, Cybersecurity Among Key Risks to Banks: OCC

“Cybersecurity and fraud continue to pose risk from the increasing volume and sophistication of cyber threats and IT vulnerabilities,” the report said of large banks, while noting that it’s increasingly important for midsize and community banks to develop “cyber resiliency” as malware and extortion schemes become more complex and these banks are more likely to rely on third parties for cyber protection.

http://www.cutimes.com/2017/07/17/fintech-cybersecurity-among-key-risks-to-banks-occ

 Why has healthcare become such a target for cyber-attackers?

Part of the reason for the threat against the healthcare sector is that it is classed as national critical infrastructure, alongside water, electricity and transport networks. This makes it an attractive target for those hackers wanting to cause chaos, especially from a hostile foreign country. Attacking a healthcare organisation that is part of a wider network of infrastructure could also provide a way in to other critical facilities.

http://theconversation.com/why-has-healthcare-become-such-a-target-for-cyber-attackers-80656

 National Cyber Security Alert

[Within] the last sixty days, we have seen over 198M GOP voters’ information leaked through poor security practices by a contractor; a fired employee hacking and shutting down smart water readers in five U.S. cities; the city of Dallas losing control of its emergency siren warning system from an apparent cyber-attack; and healthcare and university data breaches across the country.

http://www.jdsupra.com/legalnews/national-cyber-security-alert-63993/

 The 3 most in-demand cybersecurity jobs of 2017

Here are the three most in-demand cybersecurity jobs this year, according to Mondo:

1. Penetration testers

2. Cybersecurity engineers

3. CISOs

http://www.techrepublic.com/article/the-3-most-in-demand-cybersecurity-jobs-of-2017/

 Cybersecurity Habits Across Generations (Infographic)

[Millennials] are one of the most concerned generations when it comes to online security. Nearly three-quarters believe they are targets for hackers, so they go above and beyond when it comes to protecting themselves. A majority of surveyed millennials use three to five different passwords for their accounts and are always on the lookout for new tools to help them protect their privacy.

https://www.entrepreneur.com/article/297232

 Government ‘Cyber Troops’ manipulate Facebook, Twitter, study says

“Social media makes propaganda campaigns much stronger and potentially more effective than in the past,” said Samantha Bradshaw, the report’s lead author and a researcher at Oxford’s Computational Propaganda Research Project. “I don’t think people realize how much governments are using these tools to reach them. It’s a lot more hidden.”

http://www.financialexpress.com/industry/technology/government-cyber-troops-manipulate-facebook-twitter-study-says/767286/

 FBI warns parents of privacy risks associated with internet-connected toys

In an advisory posted on its website, the Federal Bureau of Investigation said that such toys may contain parts or capabilities such as microphones, cameras, GPS, data storage and speech recognition that may disclose personal information. Normal conversation with a toy or in the surrounding environment may disclose a child’s name, school, likes and dislikes and activities, the FBI said.

http://www.reuters.com/article/us-usa-toys-fbi-idUSKBN1A22AW

 U.S. Appeals Court Upholds Nondisclosure Rules for Surveillance Orders

A unanimous three-judge panel on the 9th U.S. Circuit Court of Appeals in San Francisco sided with a lower court ruling in finding that rules permitting the FBI to send national security letters under gag orders are appropriate and do not violate the First Amendment of the U.S. Constitution’s free speech protections.

https://www.usnews.com/news/technology/articles/2017-07-17/us-appeals-court-upholds-nondisclosure-rules-for-surveillance-orders

 IBM’s Plan To Encrypt Unthinkable Amounts of Sensitive Data

“This represents a 400 percent increase in silicon that’s dedicated specifically to cryptographic processes—over six billion transistors dedicated to cryptography,” says Caleb Barlow, vice president of threat intelligence at IBM Security. “So for any type of transaction system we can now get the safety that we’re all after, which just hasn’t really been attainable up to this point.”

https://www.wired.com/story/ibm-z-mainframe-encryption/

 4 Ways to Prevent IP Video Surveillance Hacks

1. Conduct regular vulnerability tests and reviews for all IP video products and systems.

2. Limit the number of privileged users and minimize physical access to IP video.

3. Don’t use default passwords or ports.

4. Speak with integrators, manufacturers and service providers to stay current on new threats, mitigation tactics and emerging technologies.

http://www.campussafetymagazine.com/technology/4-ways-to-prevent-video-surveillance-hacks/

 Russia Could Easily Spread Fake News Without Team Trump’s Help

The fact is, targeting voters with propaganda isn’t that hard. “It’s easier than ever for anyone with an agenda to promote news, and the targeting is the least important part of it,” says Andrew Bleeker, president of Bully Pulpit Interactive, which ran Clinton’s digital advertising. “It’s not like it’s a real secret we had to win Cleveland or Detroit.” In other words, there’s nothing preventing a Russian actor or anyone else from reading the news and understanding the American electorate, and thanks to readily available digital tools, targeting that electorate is simple.

https://www.wired.com/story/russia-trump-targeting-fake-news/

 Crowdsourcing cyber defence is now a necessity

There simply is no magic solution to cyber defence. Businesses can continue to spend astronomical amounts of money to address this danger individually, or they can team up and tackle this challenge together, creating a cyber defence force multiplier that will better protect global commerce and enhance international security. Think of it as crowdsourcing cyber security. The best part? The cost of sharing cyber threat data is relatively inexpensive and we all reap the benefits.

http://www.information-age.com/crowdsourcing-cyber-defence-necessity-123467330/

 Cisco Patches Another Critical Ormandy Bug in WebEx Extension

Cisco has provided updates today for WebEx browser extensions for Chrome and Firefox after Google Project Zero researcher Tavis Ormandy and Divergent Security’s Cris Neckar privately disclosed a vulnerability that could be abused to remotely run code on a computer running the browser extension. Tens of millions of computers have the extension installed.

https://threatpost.com/cisco-patches-another-critical-ormandy-bug-in-webex-extension/126879/

 Lawyers score big in settlement for Ashley Madison cheating site data breach

The owners of the Ashley Madison cheating-dating website have agreed to pay $11.2 million to settle two dozen data breach lawsuits as a result of a 2015 incident involving as many as 37 million members’ personal identifying information being exposed online. The deal (PDF) earmarks up to one-third, or about $3.7 million, for attorneys’ fees and costs. An additional $500,000 has been set aside to administer the remaining $7 million earmarked for Ashley Madison members.

https://arstechnica.com/tech-policy/2017/07/sssshhh-claim-your-19-from-ashley-madison-class-action-settlement/

 Burglary in mind? Easy, just pwn the home alarm

iSmartAlarm ships a variety of app-linked security products, including door sensors, motion sensors, cameras, locks, and a controller unit (called the Cube), with iOS and Android apps, Alexa capabilities … pretty much the full suite of ShinyHappySmartLife™ must-haves. Now, it’s time to get out your bingo cards, because the list of vulnerabilities includes issues with SSL certificate validation, authentication errors, an access control blunder, and a denial of service.

https://www.theregister.co.uk/2017/07/17/burglary_in_mind_easy_just_pwn_the_home_alarm/

CoinDash’s Token Sale Site Hacked; $7 Million Ethereum Stolen

As of now, CoinDash has shut down their website and is currently investigating the issue. The company has also assured their clients and customers that it will issue certified digital tokens (CDTs) to those who had sent ETH to the fraudulent Ethereum address. However, those who had sent transactions after CoinDash’s site was shut down will not be compensated.

https://www.hackread.com/coindash-token-sale-ico-website-hacked-ethereum-stolen-2/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.