IT Security News Blast 01-05-2018

Critical Informatics Series A Expansion

Critical Informatics raises $1.1M to expand cybersecurity platform that blends human expertise and software
Garrett Silver, CEO of Critical Informatics, told GeekWire in an interview that as hackers have devised more sophisticated ways to attack companies and institutions, much of the cybersecurity industry has responded by trying to create better software. Cyberattacks have started to include not just rogue hackers, but state-sponsored perpetrators, and as a result, the need for strong security teams, in addition to great software, has exploded.


Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
As for Intel, all Intel processors released since 1995 are impacted by Meltdown, according to researchers. The company said Wednesday that OEMs will release relevant Intel firmware updates to address the issue. […] Microsoft said it was offering an out-of-band update for Windows, ahead of next week’s Patch Tuesday security update. […] Linux security patches, protecting against Spectre and Meltdown exploits, were pushed out last week. […] Amazon released a statement regarding the impact of Meltdown and Spectre stating: “All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected[.]”


Intel shares fall as investors worry about costs of chip flaw
Intel may be on the hook for costs stemming from lawsuits claiming that the patches would slow computers and effectively force consumers to buy new hardware, and big customers will likely seek compensation from Intel for any software or hardware fixes they make, security experts said. “The potential liability is big for Intel,” said Eric Johnson, dean of Vanderbilt University’s Owen Graduate School of Management. “Everybody will be scrambling over the next few days to figure out just how big it is.”


Contractors Must Contend With New Cybersecurity Rule
The basic construct of DFARS 252.204-7012 has not changed. The final October 2016 version requires that contractors must provide “adequate security on all covered contractor information systems” and “rapidly report” any “cyber incident that affects a covered contractor information system or the covered defense information residing therein, or that affects the contractor’s ability to perform the requirements of the contract that are designated as operationally critical support and identified in the contract.”


New Report Reveals Nation’s Largest Public Companies Suffer from Systemic Cybersecurity Challenges
“While the stock market has reached all-time highs, a major cybersecurity incident can wipe out billions of dollars in value overnight,” said Fouad Khalil, Head of Compliance at SecurityScorecard. “The vast majority of companies in the Big 500 group have similar issues that resulted in major breaches in the past. In particular, patching cadence, which is precisely the issue that led to the Equifax breach, is still a serious concern. While most companies think they have this covered, the report proves otherwise.


Tax Scam Alert: The IRS Just Issued a New Cybersecurity Warning
Owners need to be sure that anyone with access to employee records including W-2s understands that they shouldn’t send the forms or staffer information to anyone without checking to be sure this isn’t an attempted scam. The IRS also wants companies to report W-2 scam emails to the agency, and it also wants to know if anyone has become a victim.


Hospitals Face Steep Cybersecurity Challenges with Less Government Help
If the spotty, halting implementation of electronic health records over the past decade has taught IT experts anything, it’s that health data is uniquely tough to lock down. If the industry can’t figure out an easy way to get health records online, then it also isn’t going to be easy to create systems that secure the data. “There is no standard for what health records look like.


Healthcare leaders set out key strategies in new survey
The biggest priority for the healthcare industry found in the survey was cyber-security. Worryingly, only 25% of respondents felt that they were prepared to address concerns over cyber-security. Worries over personal health information and potential vulnerabilities with connected medical devices were at the forefront of 2017, with attacks such as WannaCry and hackable medical devices highlighting the issues.


New Bipartisan Bill Would Help States Beef Up Election Cybersecurity
After the “hanging chad” fiasco during the 2000 presidential recount, many states switched to electronic-only voting machines to modernize their systems. But computer scientists, cybersecurity experts and advocates for election integrity soon became concerned that with electronic-only technology, officials couldn’t verify that a vote was tabulated correctly because there was no paper record. They said paper ballots provided better audit and recount records.


Iran’s Cyber Threat: Espionage, Sabotage, and Revenge
Incidents involving Iran have been among the most sophisticated, costly, and consequential attacks in the history of the internet. The four-decade-long U.S.-Iran cold war has increasingly moved into cyberspace, and Tehran has been among the leading targets of uniquely invasive and destructive cyber operations by the United States and its allies. […] Offensive cyber operations have become a core tool of Iranian statecraft, providing Tehran less risky opportunities to gather information and retaliate against perceived enemies at home and abroad.


Cyberwar to occur in 2018, says Ward Solutions
The tech security firm also sees cybercriminals taking on artificial intelligence (AI) and machine learning for their attacks. In turn, organisations will use these technologies to further protect themselves. This will be evermore important with the introduction of the General Data Protection Regulation (GDPR) coming into effect on 25 May.


FCC Chair Ajit Pai cancels his CES appearance days before show
Pai’s FCC last month voted to deregulate the broadband industry and eliminate net neutrality rules that prohibit Internet service providers from blocking and throttling Internet traffic. The FCC also eliminated a ban on paid prioritization, rules requiring greater disclosure of hidden fees and penalties for exceeding data caps, and various other consumer protections. […] Pai might have had to answer questions about the repeal and coming lawsuits if he had gone through with his scheduled appearance at CES.


Mike Rogers To Retire: Director Of NSA Reportedly Plans To Retire Amid Trump Attacks On The Agency
Admiral Mike Rogers reportedly plans to retire from his post as director of the National Security Agency, leaving the agency amid attacks from Donald Trump and battles with Trump’s administration. […] Schindler has previously shared reports from the inner workings of the NSA, including a report that Rogers admitted privately that Trump did in fact collude with Russia. As Schindler wrote in the Observer, Rogers said in a town hall with NSA officials that they have “evidence of election involvement and questionable contacts with the Russians.”


Trust in digital technology will be the internet’s next frontier, for 2018 and beyond
Consumers are learning to be worried about the security of their personal information: News about a data breach involving 57 million Uber accounts follows on top of reports of a breach of the 145.5 million consumer data records on Equifax and every Yahoo account – 3 billion in all. […] Another technological threat to society comes from workplace automation. The management consulting firm, McKinsey, estimates that it could displace one-third of the U.S. workforce by 2030, even if a different set of technologies create new “gig” opportunities.


How Lawmakers Can Address the Growing Smart Device Security Risks
Consumers’ demand for these devices will continue to drive investments in both markets for cheap devices with poor security, and markets for expensive, secure devices. Increasing the cost of devices through burdensome regulation might impede the creation of all new devices. Congress should be content that within these markets, assuming equal costs, consumers will naturally tend toward buying devices that are more secure.


“Vote out” congresspeople who won’t back net neutrality, advocates say
The website lists which senators have and haven’t supported a plan to use the Congressional Review Act (CRA) to stop the repeal of net neutrality rules. […] “House and Senate leaders cannot block a CRA with majority support from coming to the floor,” the “Vote for Net Neutrality” website explains. “Net neutrality is not a partisan issue, but many Republicans in Congress have been on the wrong side of it recently. That’s changing. In the Senate, we may only need one more Republican to vote for the CRA to get it passed, given that Susan Collins (R-Maine) opposed the FCC plan and signaled openness to a CRA.”


Private Details of 240,000 DHS Employees Accessed after Data Breach
As per the details provided by the agency, the data breach is not a result of a cyber-attack or malicious activity, but documents that were in the possession of a former OIG employee were discovered by threat actors. The former OIG employee’s identity hasn’t been revealed by the department as yet, and the criminal investigation’s direction is also being kept under wraps. The breach was identified on 10 May 2017.


Full Access to India’s National Biometric Database Reportedly Sold Over WhatsApp for About $8
Aadhaar, India’s massive biometric database, is facing new allegations of compromise after local journalists reported paying the equivalent of $8 in Indian rupees for full administrative access. With nearly 1.2 billion assigned numbers, the Aadhaar program, launched in 2009, is the largest national database of people in the world. The unique 12-digit codes assigned to citizens and other Indian residents are maintained by the Unique Identification Authority (UIDAI) and are linked to a wealth of personal information, including biometric data such as fingerprints and iris scans.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.