IT Security News Blast 7-26-2017


Why Are Local Governments Using a Russian Software the Feds Won’t?

“AT&T is not the communication center I care about. 911 is the communication center I care about. [Cyber actors] have the ability to create actual terror in the United States,” says Michael Hamilton, the former [CISO] of Seattle and [Founder] of the cybersecurity firm Critical Informatics, Inc. However, Hamilton believes it’s premature for local governments to pull out of contracts with Kaspersky Lab, given that there have been no specific vulnerabilities identified and no evidence of malicious intent released to the public. “It’s got to be demonstrated somewhere that this threat is real” before local governments spend money to replace the software, he says.

New Form of Cyber-Attack Targets Energy Sector

What makes this latest type of spear-phishing attack hard for the energy companies to identify is that the lure email and attached Word document are totally clean and contain no malicious code whatsoever. They are therefore undetectable to incoming email monitoring defenses. Instead, the weaponized Word document contains a template reference that, when the document is loaded, connects to an attacker’s server via Server Message Block (SMB) to download a Word template which can include embedded malicious payloads.
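The lure described above leaves a footprint on disk even though the document carries no macro or shellcode: a .docx is a zip archive, and an attached template is declared as a relationship in word/_rels/settings.xml.rels. A gateway or triage script can therefore flag documents whose template relationship points off-host. The following is an added example, not code from the article or from any vendor product; the detection rule, the minimal in-memory .docx builder and the sample UNC/URL targets are all constructed for the demo, and the builder produces only the parts of a document the check reads, not a file Word would open.

```python
"""Flag Word documents whose attached template is fetched remotely (UNC or URL).

Added example; not from the article. Assumption: a remote template reference
shows up in word/_rels/settings.xml.rels as a Relationship whose Type ends in
/attachedTemplate and whose TargetMode is "External".
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
SETTINGS_RELS = "word/_rels/settings.xml.rels"

# Targets that make Word reach over the network when the file is opened:
# UNC paths (\\host\share or //host/share), http(s) and file URLs.
REMOTE_TARGET = re.compile(r"^(\\\\|//|https?://|file://)", re.IGNORECASE)


def external_templates(docx_bytes: bytes) -> list:
    """Return remote attachedTemplate targets found in a .docx (empty if none)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if SETTINGS_RELS not in z.namelist():
            return findings              # no settings relationships at all
        root = ET.fromstring(z.read(SETTINGS_RELS))   # bytes, so the XML decl is fine
    for rel in root.iter(f"{{{REL_NS}}}Relationship"):
        if not rel.get("Type", "").endswith("/attachedTemplate"):
            continue
        target = rel.get("Target", "")
        # A local template path (e.g. Normal.dotm) is normal; only remote ones are flagged.
        if rel.get("TargetMode") == "External" and REMOTE_TARGET.match(target):
            findings.append(target)
    return findings


def build_docx(template_target: str = None) -> bytes:
    """Construct a minimal .docx in memory (constructed sample input for the demo).

    With template_target set, the document carries an external attachedTemplate
    relationship, the structure the lure documents rely on. The target is
    inserted verbatim, so it must not contain XML-special characters.
    """
    rels = f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{REL_NS}">'
    settings_body = ""
    if template_target is not None:
        rels += (f'<Relationship Id="rId1" Type="{OFFICE_REL}/attachedTemplate" '
                 f'Target="{template_target}" TargetMode="External"/>')
        settings_body = '<w:attachedTemplate r:id="rId1"/>'
    rels += "</Relationships>"
    settings = (f'<?xml version="1.0" encoding="UTF-8"?>'
                f'<w:settings xmlns:w="{WORD_NS}" xmlns:r="{OFFICE_REL}">'
                f'{settings_body}</w:settings>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml",
                   f'<?xml version="1.0"?><w:document xmlns:w="{WORD_NS}"><w:body/></w:document>')
        z.writestr("word/settings.xml", settings)
        z.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a clean document, a local template, and two remote lures.
    for label, doc in [("clean", build_docx()),
                       ("local template", build_docx("Normal.dotm")),
                       ("UNC lure", build_docx(r"\\203.0.113.7\templates\invoice.dotm")),
                       ("HTTP lure", build_docx("http://203.0.113.7/invoice.dotm"))]:
        print(f"{label:15s} -> {external_templates(doc)}")
```

Run it over the attachment queue of a mail gateway and the SMB lure stands out before the document is ever opened. Two caveats a practitioner will want: the check only covers the attachedTemplate relationship, so other externally targeted relationships (OLE objects, frames, sub-documents) need their own rules, and a lure that uses a UNC target also hands the victim's NTLM credentials to the attacker's server during the SMB connection, so egress filtering of outbound TCP 445 is the complementary network control.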

How knowing the difference between Petya and NotPetya can help security pros block malware

The infosec lexicon got a new phrase in the wake of the Petya/NotPetya attacks: Ransomworm. Not to be confused with ransomware, NotPetya is a uniquely disguised and damaging attack on an organization’s information systems and data. Just as important, the new type of attack is not over and, in fact, is already causing permanent damage. As such, healthcare security teams need to fully understand NotPetya, what it is, what it can do, lessons learned to date, and what it means for the future of cybersecurity.

Remotely hacking ships shouldn’t be this easy, and yet …

A group of cybersecurity researchers is having a field day online with the discovery that the configuration of certain ships’ satellite antenna systems leaves them wide open to attack — and the possible consequences are startling. Anyone who gained access to the system in question, and was so inclined, could manually change a ship’s GPS coordinates or possibly even brick the boat’s navigation system entirely by uploading new firmware. And why would anyone want to do that?

Learning from the Financial Sector’s Cybersecurity Regulations

All these institutions and organizations are at risk – great risk – despite the fact that they, too, are regulated to an extent, like financial institutions. What about businesses? What about the manufacturers, retail outlets, and supply chain members that are the fabric of society? What would happen if, for example, hackers were able to disable the system where meat and dairy is distributed to supermarkets from distribution centers for a week? That, too, is critical for the functioning of society – but unlike with banks, there is no one to tell them what to do to defend themselves, and how to do it.

Protect against the fastest-growing crime: cyber attacks

Financial advisors are increasingly aware of this threat, with 81 percent saying cybersecurity is a high priority. Yet, just 29 percent say they are “fully prepared to manage and mitigate the risks associated with cybersecurity,” according to a study released last September by the Financial Planning Association’s Research and Practice Institute. However, just in the past year, advisors have been upping their security[.] Not only because of what they’ve seen in the news, but also because some large firms have taken hits and witnessed fraud attempts firsthand.

New cyber security consortium leads to open data, security platform for companies

“We’re fighting a highly automated adversary,” he said. “No one company can do all of the innovation; it’s not a one company problem.” That’s where groups like the CTA come in; information sharing through CTA has already contributed to the analysis and profiling of WannaCry ransomware. But that doesn’t mean the individual members, including Palo Alto Networks, sit on their hands. “We want to turn unknown bad things into known bad things,” Anderson said. “So we thought, ‘why not open the data to everyone?’”

Glassdoor pushes back against moves to identify anonymous reviewers

The subpoena was initially demanding identifying information on anybody who reviewed the company from September 1, 2008 to the present, including, but not limited to, IP address; logs associated with all posts, including date and time of post; username; email address; resume; billing information such as name, credit card information, billing address, and payment history; and any other available contact information. No can do, said Glassdoor: that would infringe reviewers’ First Amendment right to anonymous expression and would have a chilling effect on users’ inclination to use the service. […] The government nixed that idea, so Glassdoor’s ready to fight the subpoena in court.

Briar Tor-Based Messenger Passes Security Audit, Enters Beta Stage

The conclusion of the security audit is that Briar for Android provides “an overall good handling of matters linked to security and privacy.” Furthermore, the code responsible for the app’s cryptography “was found to be exceptionally clear and sound, with no vulnerabilities spotted,” said Cure53 in their report. All bugs discovered during the audit were fixed in the Briar app’s beta version currently available on the Play Store.

Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities

Talos has discovered multiple vulnerabilities in the FreeRDP product. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) originally developed by Microsoft. RDP allows users to connect remotely to systems so they can be operated from afar. The open-source nature of the FreeRDP library means that it is integrated into many commercial remote desktop protocol applications.

PureFunds ISE Cyber Security ETF (HACK) Chart Update & Technical Review

Investors may be taking a look at some additional technical numbers on shares of PureFunds ISE Cyber Security ETF (HACK). The 14-day RSI is currently spotted at 50.42, the 7-day is at 47.68, and the 3-day is sitting at 32.07. The RSI, or Relative Strength Index, is a widely used technical momentum indicator that compares price movement over time. […] The normal reading of a stock will fall in the range of 30 to 70. A reading over 70 would indicate that the stock is overbought, and possibly overvalued. A reading under 30 may indicate that the stock is oversold, and possibly undervalued.

Cyber Deterrence – Left of Virtual Boom

Another consideration is known as deterrence by denial. It involves a combination of cyber defenses and societal, economic, and military resilience to attacks, forcing potential adversaries to doubt that they will succeed at achieving their desired goals by means of a cyber attack. Theoretically, the overwhelming obstacles to success would dissuade them from taking the risk in the first place. Redundancies and analogue cutoffs can shield weapons systems and power grids, causing adversaries to question their ability to mount an effective cyber attack.

Here’s how DoD organizes its cyber warriors

The cyber mission force consists of 133 teams and 6,200 persons, which include: 13 National Mission Teams that defend the nation; 68 cyber protection teams that work to defend DoD networks; 27 combat mission teams that provide support to combatant commanders and generate effects in support of operational plans and contingencies; and 25 support teams that provide analytic and planning support to the national mission teams. Of the 133 CMF teams, the Army provides 41, the Navy provides 40, the Air Force provides 39 and the Marine Corps provides 13.

Iran-linked cyber spies use simple yet effective hacks: report

A cyber spying group with links to Iran and active for the past four years is targeting countries including Israel, Saudi Arabia, Germany and the United States, security researchers said on Tuesday. A new report by Tokyo-based Trend Micro (4704.T) and ClearSky of Israel detailed incidents as recently as April of this year involving a group known as “CopyKittens”. […] It was seen impersonating popular media brands like Twitter, YouTube, the BBC and security firms such as Microsoft, Intel and even Trend Micro. “CopyKittens is very persistent, despite lacking technological sophistication and operational discipline,” the researchers said in a statement.

Bill to create new cyber agency at DHS to be introduced this week

McCaul, the chairman of the Homeland Security Committee, is expected to introduce and have the committee mark up on July 26 the Cybersecurity and Infrastructure Security Agency Act of 2017. The much-anticipated bill would change the name of the National Protection and Programs Directorate to the Cybersecurity and Infrastructure Security Agency. The bill also would transfer the Federal Protective Service and the Office of Biometrics under this new organization.

Mobile Security and Privacy

Anonymity refers to the absence of identifying information of an individual. In the digital age, user anonymity is critically important since computers could be used to infer individuals’ lifestyles, habits, whereabouts, and associations from data collected in different daily transactions. However, merely removing explicit identifiers may not provide sufficient protection. […] Over the years, the research community has developed various privacy models, including k-anonymity and differential privacy. In this chapter, we discuss these definitions and implications and the techniques to achieve them.
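The chapter’s point that stripping names is not enough, and the two models it names, can be made concrete on a small table. The following is an added example, not code from the chapter: the six records, the choice of zip and age as quasi-identifiers, and the generalisation hierarchy (three-digit zip prefix, age bucketed by decade) are all constructed for the demo. It computes the k of a table, shows that generalisation or suppression raises it, and adds a Laplace-mechanism count as the simplest differentially private query.

```python
"""k-anonymity on quasi-identifiers, plus an epsilon-DP count via the Laplace mechanism.

Added example; not from the chapter. Records, quasi-identifier choice and the
generalisation rules are constructed for the demo.
"""
import math
import random
from collections import Counter

# Constructed release: names already removed, yet (zip, age) still singles people out.
RECORDS = [
    {"zip": "98101", "age": 34, "diagnosis": "flu"},
    {"zip": "98102", "age": 37, "diagnosis": "asthma"},
    {"zip": "98109", "age": 31, "diagnosis": "hiv"},
    {"zip": "98201", "age": 52, "diagnosis": "flu"},
    {"zip": "98203", "age": 58, "diagnosis": "cancer"},
    {"zip": "98204", "age": 55, "diagnosis": "flu"},
]
QUASI_IDS = ("zip", "age")


def equivalence_classes(records, quasi_ids=QUASI_IDS) -> Counter:
    """Count rows per distinct quasi-identifier tuple."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)


def k_anonymity(records, quasi_ids=QUASI_IDS) -> int:
    """The k of a table: size of its smallest equivalence class (0 for an empty table)."""
    classes = equivalence_classes(records, quasi_ids)
    return min(classes.values()) if classes else 0


def generalise(record) -> dict:
    """One generalisation step: zip to a 3-digit prefix, age to its decade."""
    g = dict(record)
    g["zip"] = record["zip"][:3] + "**"
    lo = (record["age"] // 10) * 10
    g["age"] = f"{lo}-{lo + 9}"
    return g


def generalise_table(records) -> list:
    return [generalise(r) for r in records]


def suppress_small_classes(records, k: int, quasi_ids=QUASI_IDS) -> list:
    """Alternative to generalisation: drop every row whose class has fewer than k members."""
    classes = equivalence_classes(records, quasi_ids)
    return [r for r in records if classes[tuple(r[q] for q in quasi_ids)] >= k]


def dp_count(records, predicate, epsilon: float, seed=None) -> float:
    """Count of rows matching predicate plus Laplace(0, 1/epsilon) noise.

    A count changes by at most 1 when one person is added or removed, so
    sensitivity is 1 and scale 1/epsilon gives epsilon-differential privacy.
    The noise is drawn by inverse-CDF sampling of the Laplace distribution.
    """
    true_count = sum(1 for r in records if predicate(r))
    rng = random.Random(seed)
    u = rng.random() - 0.5                      # uniform on (-0.5, 0.5)
    scale = 1.0 / epsilon
    noise = -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))
    return true_count + noise


if __name__ == "__main__":
    print("k of raw table          :", k_anonymity(RECORDS))                      # 1: every row unique
    print("k after generalisation  :", k_anonymity(generalise_table(RECORDS)))    # 3
    print("rows left, suppress k=2 :", len(suppress_small_classes(RECORDS, 2)))  # 0: all classes are singletons
    is_flu = lambda r: r["diagnosis"] == "flu"
    print("exact flu count         :", sum(1 for r in RECORDS if is_flu(r)))     # 3
    print("noisy flu count, eps=1  :", round(dp_count(RECORDS, is_flu, 1.0, seed=0), 2))
```

The raw table has k = 1: anyone who knows a neighbour’s zip and age can read off the diagnosis. One generalisation step gives k = 3, but note the residual weakness the chapter’s later models address: if every row in a class shared one diagnosis, the class would still leak it (the homogeneity problem that l-diversity targets). The Laplace count shows the other model’s trade-off directly: smaller epsilon means wider noise and stronger privacy, and with only six records a noise scale of 1 is already large relative to the answer.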

Global risk experts list top ten business concerns

A survey of 138 global risk professionals has revealed that change fatigue is the top developing concern in the CEB, now Gartner, quarterly Emerging Risks report. While change fatigue kept its spot as the top concern for the second consecutive quarter, a series of related cyber risks is rapidly gaining prominence for executives and has the greatest potential to disrupt organisations in the future.

Is ‘cybersecurity’ the Y2K of this generation?

In the beginning, the IT world identified the problem and started telling people to fix their software. Then they saw how much money could be made testing and fixing the software, so they turned up the hype, exaggerated the impact, and started taking in nice big fees. And just as today, any technical discussions were hijacked to discuss Y2K and how bad it was. The same thing is happening with cybersecurity. The threat is real and can cost people large amounts of money. It could even put our nation’s elections into question. However, that just means we need to take it more seriously and stop the fear mongers who want to leverage panic to sell products and services.

Restoring Machine Learning’s Good Name In Cybersecurity

I returned from the recent Gartner Security Summit and was not surprised to observe a general feeling of suspicion among corporate security officers. Many of them feel that most security vendors that claim to utilize artificial intelligence (AI) and machine learning (ML) are not really doing so, or are doing so at a level far below what they are promising. Companies that produce cybersecurity tools tend to hide their limitations behind complexity. That is why intricate concepts like AI, ML and advanced neural network systems make the perfect smokescreen for a cybersecurity product’s shortcomings.

If Only a Simple Gadget Rating Could Save Us From Cyberattack

Last year, cyber security experts warned Congress that the security situation surrounding connected devices was worsening because manufacturers lack incentives to prioritize security. At the time Kevin Fu, a professor of computer science and engineering at the University of Michigan, said that the U.S. government should establish an independent body to test the security of IoT devices. That’s perhaps a better idea than Barton’s, but again it’s still not clear how it would work in practice.

FBI’s Surveillance Van Sold on eBay for US $18,700

A video of the vehicle, posted by Senfeldas, is still available on YouTube. The video showed various features and USPs (unique selling points) of the van. As depicted in the video, the van has two LCD screens, audio recording equipment, video cameras, and microphones. Additionally, the seller has uploaded footage of the leftover audio cassettes and CDs, which probably belong to old FBI investigations.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.