IT Security News Blast 01-08-2018

Swarm Cyber Attacks

Why machine learning isn’t a cure-all to improve security
As machine learning gains wider adoption, it’s crucial for healthcare providers to develop a better understanding of how the technology can help them better protect their data from rapidly evolving threats. Doing so will help them distinguish between security solutions that are applying machine learning to old approaches, and those that are using machine learning in more innovative ways to provide them with the accuracy, coverage, and certainty they need from their security.


Can we really automate how security analysts think?
Security automation is already proving it can help with complex analysis in the SOC. In fact, we’ve seen that by applying intelligent automation, it’s possible to have machines eliminate 95 percent of the false positive security alerts overwhelming security analysts today, freeing those analysts to spend more time on threat mitigation and proactive threat hunting.


‘Swarm’ cyber attacks, crypto-currency stealing malware predicted for 2018
“We predict that cybercriminals will begin to combine artificial intelligence technologies with multi-vector attack methods to scan for, detect, and exploit weaknesses in a cloud provider’s environment. The impact of such attacks could create a massive payday for a criminal organisation and disrupt service for potentially hundreds or thousands of businesses and tens of thousands or even millions of their customers.”


Watchfulness Is ‘New Normal’ for Mecklenburg County After Ransomware Hack
Public and internal online services in Mecklenburg County, N.C., where hackers last month penetrated defenses and froze key data, are nearly completely restored but the incident has changed the county’s security posture and strategy, its county manager told commissioners this week. Mecklenburg County temporarily shuttered all online systems as a precaution, but has already relaunched core, critical Tier One services and should restart any remaining Tier Two internal-facing applications by week’s end[.]


Companies rush to patch security flaws Meltdown and Spectre
Hackers are expected to race to exploit the vulnerability to steal data. Given the recent rise in the value of bitcoin, some believe they may be particularly interested in stealing the access details to empty bitcoin wallets. […] There is not much individual computer users can do to protect themselves, instead they will have to rely on the tech companies. But the one thing everyone can resolve to do this year? Apply the updates immediately.


Meltdown and Spectre Flaws Collateral Damage to OS & Cloud Services Unavoidable
These attack methods can possibly be used by malicious cyber criminals to access the most deeply embedded inner workings of any computer through exploiting the flaws. For instance, a low-level user can gain access to kernel memory simply by running JavaScript code hosted on a website. Or, cloud services users can access other clients’ operations since the services share hardware resources. Meltdown and Spectre cannot be fixed entirely, neither on the hardware level nor through a microcode update.


Intel faces class action lawsuits regarding Meltdown and Spectre
The three lawsuits, filed in California, Indiana, and Oregon, cite not just the security vulnerabilities and their potential impact, but also Intel’s response time to them. Researchers notified Intel about the flaws in June. Now, Intel faces a big headache. The vast majority of its CPUs in use today are impacted, and more class action complaints may be filed beyond these three.


Experts say US should expect more Iranian cyberattacks
In order to guard against such attacks, the U.S. government should increase the security of infrastructure and deepen cooperation with allies and nongovernmental organizations that have been targeted by Tehran’s cyber operations, they argue in a new report from the Carnegie Endowment for International Peace.


Pyeongchang Olympics ‘already target of hackers’
Security firm McAfee said in a report that several organisations associated with the Olympics had received malicious e-mail, with the primary target being groups affiliated with ice hockey. “The majority of these organisations (targeted) had some association with the Olympics, either in providing infrastructure or in a supporting role,” the McAfee report said. “The attackers appear to be casting a wide net with this campaign.”


Ukraine used as a “training ground” for Russian hacking attacks on west
Oleksii Yasinsky, forensic analyst at Kyiv cyber security firm ISSP, claimed that Russian hackers are using Ukraine to “hone technologies, mastery and attack techniques” for bigger targets – such as Europe and the US. According to Yasinsky: “It will be a quiet attack.” He added: “Whoever controls cyber-space will control the world.” It comes after National Cyber Security Centre chief Ciaran Martin confirmed in November that the Kremlin had ordered a cyber-assault on the UK’s major power companies in a bid to disrupt international order.


Elections are a Cybersecurity Problem
We know, beyond doubt, that prior attempts at penetrating election infrastructure have been made. We know as well that “the machines…Americans use at the polls are less secure than the iPhones they use to navigate their way there.” Indeed, as Bruce Schneier has noted, vulnerabilities in electoral systems are widespread across the diverse locally managed systems that comprise the U.S. election infrastructure. Many are, for example, running “severely outdated operating systems like Windows XP, which has not been patched . . . since 2014.”


FCC releases final net neutrality repeal order, three weeks after vote
“In this document, the American public can see for themselves the damage done by this agency to Internet openness,” FCC Commissioner Jessica Rosenworcel, a Democrat who voted against the repeal, said today. “Going forward, our broadband providers will have the power to block websites, throttle services, and censor online content. This is not right.” The decision “deserves to be revisited, reexamined, and ultimately reversed,” she said.


Is “Bounty Hunting” The Next High-Paying Freelance Career?
Their startup, launched in June 2017, aims to make it worthwhile for coders to uncover software vulnerabilities by taking the payment of the bounties out of the hands of the companies offering them, known as bounty hosts. The trio believes existing freelance platforms are not ideally suited to connecting such hosts to techies who want to earn the bounties because they don’t have a reviewing service to vet submissions from the bounty hunters.


New Cyber Squadron ‘tip of the spear’ in military defense
The Battle Creek Air National Guard formally activated its cyber unit Saturday in a rare event attended by Guard members, their families, generals and both of Michigan’s U.S. senators. […] In a ceremony during which the flag was officially unfurled for the first time, the 272nd Cyber Operations Squadron was activated. It is one of only five in the nation.


How to hack Wi-Fi for fun and imprisonment with crypto-mining inject
The CoffeeMiner script is designed to spoof Address Resolution Protocol (ARP) messages on a local area network in order to intercept unencrypted traffic from other devices on the network. It in turn conducts a man-in-the-middle attack using software called mitmproxy to inject the following line of HTML code into non-HTTPS, or otherwise non-encrypted, webpages requested by others on the network[.]
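The attack above works because ARP has no authentication: any host can announce that the gateway's IP now lives at its own MAC, and the victims' caches believe it. The detector below is an added example written for this blast, not CoffeeMiner's code or anything from the article; it runs over a constructed list of ARP replies (the sample MACs and IPs are made up) and raises an alert on the two signs of the attack described here: an IP whose claimed MAC changes, and a single MAC claiming more than one IP, which is what a MITM box does when it poisons both the gateway entry and the victim entry.

```python
"""ARP-spoof detection over a constructed stream of ARP replies.

Added example for this news item; not CoffeeMiner's code. Sample data below is
constructed: 192.168.1.1 is the real gateway at aa:bb:cc:00:00:01, and
de:ad:be:ef:00:01 is an attacker poisoning both the gateway and a victim.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class ArpReply:
    ts: float         # capture time in seconds
    sender_ip: str    # IP the reply claims to own (ARP "sender protocol address")
    sender_mac: str   # MAC it claims owns that IP (ARP "sender hardware address")


SAMPLE_REPLIES: List[ArpReply] = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP claimed by a new MAC
    ArpReply(2.1, "192.168.1.20", "de:ad:be:ef:00:01"),  # victim IP claimed by the same MAC
    ArpReply(3.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # real gateway still answering: flap
]

Alert = Tuple[float, str, str, str]


def detect_arp_spoofing(replies: Iterable[ArpReply],
                        known_static: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Return (ts, kind, subject, detail) alerts.

    Heuristic 1: an IP's claimed MAC changes, or contradicts a static IP->MAC
                 entry the operator supplied (e.g. the gateway).
    Heuristic 2: one MAC claims a second IP, the signature of a host poisoning
                 both ends of a conversation.
    Static entries are never overwritten by observed traffic.
    """
    known_static = dict(known_static or {})
    ip_to_mac: Dict[str, str] = dict(known_static)
    mac_to_ips: Dict[str, set] = defaultdict(set)
    alerts: List[Alert] = []

    for r in sorted(replies, key=lambda x: x.ts):
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append((r.ts, "ip_mac_change", r.sender_ip, f"{prev} -> {r.sender_mac}"))
        if r.sender_ip not in known_static:
            ip_to_mac[r.sender_ip] = r.sender_mac

        before = len(mac_to_ips[r.sender_mac])
        mac_to_ips[r.sender_mac].add(r.sender_ip)
        after = len(mac_to_ips[r.sender_mac])
        if after > before and after > 1:
            alerts.append((r.ts, "mac_claims_multiple_ips", r.sender_mac,
                           ", ".join(sorted(mac_to_ips[r.sender_mac]))))
    return alerts


def suspect_macs(alerts: Iterable[Alert]) -> set:
    """MACs flagged for claiming multiple IPs: the likely MITM hosts."""
    return {subject for _, kind, subject, _ in alerts if kind == "mac_claims_multiple_ips"}


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_REPLIES, {"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(a)
    print("suspects:", suspect_macs(detect_arp_spoofing(SAMPLE_REPLIES)))
```

On a real segment the same function can be fed from a capture (for instance scapy's `sniff(filter="arp")`, mapping each is-at reply's `psrc`/`hwsrc` to an `ArpReply`); pinning the gateway in `known_static` is what keeps the detector from "learning" the attacker's MAC as the new truth. Note that the detection is purely passive and that the real mitigation is end-to-end encryption, which is exactly why the injection only works on non-HTTPS pages.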


NSA Contractor Pleads Guilty in Embarrassing Leak Case
A former contractor for the US National Security Agency’s elite hacking group has agreed to plead guilty to removing classified documents in a case that highlighted a series of disastrous leaks of top-secret NSA materials. […] The indictment filed on February 8, 2017 accused Martin of hoarding an estimated 50 terabytes of NSA data and documents in his home and car over a 20-year period. The material reportedly included sensitive digital tools for hacking foreign governments’ computers.


Dell EMC patches 3 zero-days in Data Protection Suite
Three vulns in Dell EMC’s Data Protection Suite product that can combine to fully compromise a virtual appliance have been patched by the vendor. […] Digital Defense said the three vulnerabilities included:
An Authentication Bypass in SecurityService; an
Authenticated Arbitrary File Access in UserInputService; and an
Authenticated File Upload in UserInputService.


Critical Unpatched Flaws Disclosed In Western Digital ‘My Cloud’ Storage Devices
[This] vulnerability allows a remote attacker to upload an arbitrary file to the server running on the internet-connected vulnerable storage devices. The vulnerability resides in the “multi_uploadify.php” script due to the wrong implementation of the gethostbyaddr() PHP function by the developers. This vulnerability can also be easily exploited to gain a remote shell as root. For this, all an attacker has to do is send a POST request containing a file to upload using the parameter Filedata[0], a location for the file to be uploaded to specified within the “folder” parameter, and a fake “Host” header.
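The root cause described here is an authorization decision that depends on the request's Host header, which the client controls. The snippet below is an added example, not Western Digital's PHP and not a reproduction of multi_uploadify.php; it models the mistake in Python with a constructed request object, showing the header-derived "is this a local request" check beside a hardened version that takes identity from a verified session and, as defense in depth, locality from the TCP peer address, which a remote attacker cannot forge. The `Request` shape, the trusted networks and the sample requests are all assumptions made for the example.

```python
"""Trust derived from the Host header vs. trust derived from the socket and a session.

Added example, not vendor code. Request objects and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional

# Networks the device's upload handler treats as "local" (assumed for the example).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Request:
    peer_ip: str                          # address on the accepted TCP socket
    headers: Dict[str, str] = field(default_factory=dict)
    session_user: Optional[str] = None    # set only after a cookie/token was verified


def is_local_address(value: str) -> bool:
    """True if value is an IP inside TRUSTED_NETS; hostnames and junk are not local."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def vulnerable_upload_allowed(req: Request) -> bool:
    """The anti-pattern: 'locality' is read from the attacker-controlled Host header.

    Any remote client can send `Host: 127.0.0.1` and pass; no login is ever required.
    """
    host = req.headers.get("Host", "").rsplit(":", 1)[0]
    return is_local_address(host)


def hardened_upload_allowed(req: Request) -> bool:
    """Require a verified session; only then apply the network restriction, and
    evaluate it on the socket peer address rather than any request header."""
    if req.session_user is None:
        return False
    return is_local_address(req.peer_ip)


# Constructed traffic: an internet attacker spoofing Host, and a real LAN admin.
ATTACKER = Request(peer_ip="198.51.100.7",
                   headers={"Host": "127.0.0.1", "Content-Type": "multipart/form-data"})
LAN_ADMIN = Request(peer_ip="192.168.1.10",
                    headers={"Host": "192.168.1.50"}, session_user="admin")
LAN_ANON = Request(peer_ip="192.168.1.33", headers={"Host": "192.168.1.50"})


if __name__ == "__main__":
    for name, req in (("attacker", ATTACKER), ("lan_admin", LAN_ADMIN), ("lan_anon", LAN_ANON)):
        print(f"{name:9} vulnerable={vulnerable_upload_allowed(req)} "
              f"hardened={hardened_upload_allowed(req)}")
```

The hardened check still permits the legitimate LAN administrator and refuses both the internet attacker and an unauthenticated LAN host; the point is that nothing the client puts in the HTTP request (Host, X-Forwarded-For, or a reverse-DNS name derived from either) is usable as an identity or location signal. Once an arbitrary file can be written to a path the attacker chooses, as the `folder` parameter here allows, the step to a root shell is only a matter of which directory the web server will execute from.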


Critical Informatics raises $1.1M to expand cybersecurity platform that blends human expertise and software
Garrett Silver, CEO of Critical Informatics, told GeekWire in an interview that as hackers have devised more sophisticated ways to attack companies and institutions, much of the cybersecurity industry has responded by trying to create better software. Cyberattacks have started to include not just rogue hackers, but state-sponsored perpetrators, and as a result, the need for strong security teams, in addition to great software, has exploded.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.