IT Security News Blast 9-13-2017

How I learned to trust my shell

If you’re looking at PowerShell and asking yourself “How do I ensure we’re only running known or approved scripts and not malware?” or “I like some of what PowerShell does but I want to give it some limits” …good news!  Microsoft included a few safeguards that IT Operations and Blue Teams can use to lock down an environment.  Some popular PS safeguards include requiring signed code (set-executionpolicy), or setting up Just-Enough-Administration (JEA) or Just-In-Time-Administration (JITA), but what we’re looking at today is Constrained Language Mode.

https://criticalinformatics.com/how-i-learned-to-trust-my-shell-microsoft-powershell/

 Equifax flaws exposed by hack attack

At the Securities and Exchange Commission, for example, analysts expect regulators to focus on the five-week gap between discovery and disclosure, and the insider stock sales in between. The SEC declined to comment on whether it had begun a probe, but one former enforcement official expressed confidence to the Financial Times that the agency would take action. “People will be fighting to open this,” the former official said. “[The chairman] is worried at a macro level about investors understanding the risks.”

https://www.ft.com/content/2b8b769e-9754-11e7-b83c-9588e51488a0

 Equifax backtracks arbitrate-don’t-litigate plan for punters

Following its 143-million-record megaleak, the company posted a Website meant to let worried people sign up for a credit file monitoring product – if they agreed to arbitration and waived their right to sue. That, and the fact that “https://www.equifaxsecurity2017.com” was a WordPress site, and therefore hardly a paragon of security, raised eyebrows and criticism from World+Dog. Now, Equifax has relented – at least in the matter of forced arbitration.

https://www.theregister.co.uk/2017/09/12/equifax_backtracks_on_complaint_of_forced_arbitration/

 As hackers become more destructive, security needs an all-hands approach

“There tends to be a concern about stolen data. But it’s not only credit information and so on,” Madnick said at the Healthcare Security Forum on Monday. “Breaches not only affect your information, but your safety.” Highlighting some of the world’s most destructive cyberattacks — such as government shutdowns, electrical grid disruptions and the like — Madnick explained that these types of threats are the most pressing. Healthcare organizations may find these attacks fascinating — but providers should also be concerned.

http://www.healthcareitnews.com/news/hackers-become-more-destructive-security-needs-all-hands-approach

 Why do big hacks happen? Blame Big Data

No longer can these companies be allowed to exist in the shadows quietly sucking up alarming amounts of data about people. Data is often called the “new oil” and a new “kind of capital” because it generates huge profits for a fast-growing industry. Rather than simply laugh off these metaphors, we should take a cue from them and treat Big Data with the same wariness we direct toward Big Oil and Big Finance. In terms of power and wealth, the data capitalists are already usurping the oil barons and hedge fund managers, as Olivia Solon and Sabrina Siddiqui report. “It used to be banks, but now it is tech giants that dominate the US lobbying industry.”

https://www.theguardian.com/commentisfree/2017/sep/08/why-do-big-hacks-happen-blame-big-data?_lrsc=9e332823-f218-4bcf-9e81-25d22e8db4a1

 Are cryptocurrencies a dream come true for cyber-extortionists?

Before digital currencies existed, extortionists asked victims to send money by more formal transfer companies like Western Union or make deposits to bank accounts. Those were easily traced. […] In researching cybercrime and cybersecurity for more than a decade, I have found that obtaining cybercrime proceeds is often the biggest challenge that cybercriminals face. In this regard, diffusion of cryptocurrencies is a major development that enables cybercriminals to achieve their goals. In fact, the escalation of ransomware attacks and the increasing prominence of cryptocurrencies may be connected.

http://wtop.com/business-finance/2017/09/are-cryptocurrencies-a-dream-come-true-for-cyber-extortionists/

 North Korean state-sponsored hackers are trying to steal bitcoin to evade sanctions, report says

“As bitcoin and other cryptocurrencies have increased in value in the last year, nation states are beginning to take notice,” Luke McNamara, senior cyber threat intelligence analyst at FireEye, wrote in the report. Several governments have shown increasing interest in virtual currencies as they move out of the periphery and into the mainstream. The U.S. government for instance has signaled that securities law could apply to ICOs. Meanwhile, Estonia has said it wants to launch its own cryptocurrency, called “estcoin”, via a state-backed ICO.

https://www.cnbc.com/2017/09/12/north-korea-hackers-trying-to-steal-bitcoin-evade-sanctions.html

 Hackers Have Already Started to Weaponize Artificial Intelligence

“Hackers have been using artificial intelligence as a weapon for quite some time,” said Brian Wallace, Cylance Lead Security Data Scientist, in an interview with Gizmodo. “It makes total sense because hackers have a problem of scale, trying to attack as many people as they can, hitting as many targets as possible, and all the while trying to reduce risks to themselves. Artificial intelligence, and machine learning in particular, are perfect tools to be using on their end.” These tools, he says, can make decisions about what to attack, who to attack, when to attack, and so on.

http://gizmodo.com/hackers-have-already-started-to-weaponize-artificial-in-1797688425

 The Fake Americans Russia Created to Influence the Election

An investigation by The New York Times, and new research from the cybersecurity firm FireEye, reveals some of the mechanisms by which suspected Russian operators used Twitter and Facebook to spread anti-Clinton messages and promote the hacked material they had leaked. On Wednesday, Facebook officials disclosed that they had shut down several hundred accounts that they believe were created by a Russian company linked to the Kremlin and used to buy $100,000 in ads pushing divisive issues during and after the American election campaign. On Twitter, as on Facebook, Russian fingerprints are on hundreds or thousands of fake accounts that regularly posted anti-Clinton messages.

https://mobile.nytimes.com/2017/09/07/us/politics/russia-facebook-twitter-election.html

 Russian-made Facebook page invited Americans to protest “upsurge of violence”

In addition to creating fake Americans on Facebook as a way to generate anti-Clinton buzz online during the 2016 presidential campaign, it now appears that those accounts also organized and promoted real-world political protests using Facebook pages. […] “Due to the town of Twin falls, Idaho, becoming a center of refugee resettlement, which led to the huge upsurge of violence towards American citizens, it is crucial to draw society’s attention to this problem,” one page authored by a group called Secured Borders advertised. “Twin falls suffered the most from Obama’s immigration policy, because at least two horrific assaults by refugees happened there in just last two months.” No such assaults ever took place.

https://arstechnica.com/tech-policy/2017/09/fake-facebook-event-pages-tried-to-entice-real-anti-immigration-rallies/

 Pressure mounts on Facebook to release campaign ads bought by Russia

“We are not aware of any federal law that would prohibit Facebook from making these ads public,” the letter to Zuckerberg continued. “[B]y hosting these secretly-sponsored Russian political ads, Facebook appears to have been used as an accomplice in a foreign government’s effort to undermine democratic self-governance in the United States. Therefore, we ask you, as the head of a company that has used its platform to promote democratic engagement, to be transparent about how foreign actors used that same platform to undermine our democracy.”

https://www.yahoo.com/news/pressure-mounts-facebook-release-campaign-ads-bought-russia-182538389.html

 Guess Which Gender Trusts Artificial Intelligence More?

A majority of people are skeptical of the government adopting artificial intelligence tools to manage its citizen services, but more men than women say they are comfortable with the technological shift, according to a new survey. In a report published by Accenture, one-third of men said they trusted AI to manage their health care, while only 20 percent of women felt the same way. Though the gender gap was widest for health care, researchers found that in six different categories of citizen services, men trusted A.I. technology more than women did.

http://www.nextgov.com/emerging-tech/2017/09/guess-which-gender-trusts-artificial-intelligence-more/140854/

 Under scrutiny, Kaspersky Lab considers changes to U.S. subsidiary

“Given that U.S. government sales have not been a significant part of the company’s activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to U.S. government entities,” a Kaspersky spokeswoman said in a statement to Reuters. She added that the company was planning to open new offices in Chicago, Los Angeles and Toronto in 2018.

http://www.reuters.com/article/us-usa-kasperskylab/under-scrutiny-kaspersky-lab-considers-changes-to-u-s-subsidiary-idUSKCN1BN1YV

 Neo-Nazi DailyStormer Booted Off By Austrian Domain Registrar

  • On 14th August GoDaddy banned DailyStormer’s .com domain from the Internet
  • On 16th August Russian domain registrar removed DailyStormer from the .RU domain
  • On 16th August again, CloudFlare removes its DDoS protection service from the .RU domain
  • On 27th August, US firm DreamHost removed DailyStormer’s new domain PunishedStormer
  • On 1st September, the Albanian domain registrar HostDotal removed DailyStormer’s .AL domain

[…] On August 29, one of the oldest and most popular White-Supremacist website known as the Murder Capital of the Internet “Stormfront” was also booted off for its racist and hate content.

https://www.hackread.com/dailystormer-booted-off-by-austrian-domain-registrar/

 Trump wants Congress to reauthorize surveillance tool

The Foreign Intelligence Surveillance Act allows the government to collect information about militants, people suspected of cyber crimes or proliferation of weapons of mass destruction, and other foreign targets outside the United States. Intelligence and law enforcement officials say the act is vital to national security. Section 702 of the act permits the government, under the oversight of the Foreign Intelligence Surveillance Court, to target non-Americans outside the United States.

https://www.washingtonpost.com/politics/congress/trump-wants-congress-to-reauthorize-surveillance-tool/2017/09/11/4fa33222-973d-11e7-af6a-6555caaeb8dc_story.html

 NOAA gets judge to agree that its scientists’ e-mails are protected

Once upon a time (in mid-2015), some climate scientists at the National Oceanic and Atmospheric Administration published a study in the journal Science. […] The problem was that this study put yet another nail in the crowded lid of a coffin housing the claim that global warming had somehow suddenly ceased in 1998. Because the study involved an update to NOAA’s global temperature dataset, some who disliked its conclusion—like US House Science Committee Chair Lamar Smith (R-Texas)—alleged without evidence that the scientists had improperly manipulated data. This began a long fight between NOAA and Rep. Smith, who issued subpoenas for the scientists’ e-mails and early drafts.

https://arstechnica.com/science/2017/09/judge-rejects-foia-suit-seeking-government-climate-scientists-e-mails/

 Billions of Bluetooth devices vulnerable to takeovers, MITM attacks; no user action required

Because phones compromised via BlueBorne bugs can quickly infect nearby devices over the air, attacks can quickly spread like wildfire, creating potentially unprecedented scenarios. Michael Parker, VP of marketing at Armis, used the WannaCry ransomware attack as an example. “You had WannaCry. Now imagine WannaCry ‘Blue,'” said Parker to SC Media. “It is ransomware that is spread through Bluetooth…It can spread from device to device, unnoticed by current security measures, locking down smartphones, desktops, laptops, and it can’t be stopped by traditional methods.”

https://www.scmagazine.com/billions-of-bluetooth-devices-vulnerable-to-takeovers-mitm-attacks-no-user-action-required/article/688037/

 DNSSEC key signing key rollover: Are you ready?

The Internet Corporation for Assigned Names and Numbers (ICANN) will start using the new root zone key signing key generated late last year to sign domains starting Oct. 11. Internet service providers (ISP), enterprise network operators, hardware manufacturers, and application developers performing DNSSEC validation need to update their systems with the public part of the key pair by the deadline. If the systems aren’t updated with the new public key, when the old key is finally revoked in 2018, DNSSEC validations will fail and cause DNS to break.

https://www.csoonline.com/article/3223951/internet/dnssec-key-signing-key-rollover-are-you-ready.html

 Today’s property rules don’t work in our IoT world

Many services we consume are “free” because we agree to allow the provider to find alternative sources of revenue. The most popular option that has emerged is the sale of personal information and not just usage information. Fairfield calls customer information the “currency of the Internet.” […] In Owned, Fairfield cites examples such as Orbitz charging Apple Mac computer users higher rates and the fact that doing multiple searches for the same flight can cause the specific user’s price to go up. “What began as simple exchange — information for valuable goods and services — has escalated to exploitation,” Fairfield says.

https://www.networkworld.com/article/3222861/internet-of-things/todays-property-rules-dont-work-in-our-iot-world.html

 ====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>