IT Security News Blast 01-12-2018

Cybersecurity Protecting our Hospitals

Financial firm outsourcing increasing risk of cyber-attacks: IIAC
The head of the Investment Industry Association of Canada says the risk of cyberattacks is being amplified by the significant outsourcing done by investment dealers and asset managers. Ian Russell told attendees at an Empire Club of Canada luncheon on Thursday in Toronto that firms’ financial integrity and cybersecurity may not be matched by third-party vendors hired to enhance efficiencies, compensate for scale and reduce costs.
http://business.financialpost.com/pmn/business-pmn/financial-firm-outsourcing-increasing-risk-of-cyber-attacks-iiac

 

Healthcare Comes Home at CES 2018
A particularly interesting collaboration for health and wellness in auto tech is the supplier Faurecia, which is working with Amazon and Accenture. With Amazon, Faurecia, which designs and builds interiors for original equipment manufacturers globally, will incorporate Alexa and her skills into the auto experience. […] With Accenture, Faurecia is partnering to learn about healthcare applications, from blood pressure sensors to ergonomic design that’s personalized for both driver and passengers.
https://www.huffingtonpost.com/entry/healthcare-comes-home-at-ces-2018_us_5a553760e4b0e3dd5c3f8cec

 

Saving Lives Starts with Protecting Our Hospitals
The entire purpose of a healthcare system is to provide care, wellness, and healing services for those who are sick. However, the ability for these institutions to provide such services becomes hindered when patient information and the computer/network systems that are heavily relied upon by doctors are compromised. Misdiagnosing or mistreating a patient can lead to death, and the manipulation of medical devices can also attain the same result.
https://www.informationweek.com/strategic-cio/security-and-risk-strategy/saving-lives-starts-with-protecting-our-hospitals/a/d-id/1330793

 

Army cyber activities teams playing pivotal role in warfare
Cyber-Electromagnetic Activities, or CEMA, teams are now routinely operating with brigades at combat training centers and sometimes during home-station training[.] […] This integration is a new concept and the transition is still in progress, Morrison said. For instance, electronic warfare, or EW, personnel will be rolled into the newly-created Cyber Branch Oct. 1. And beginning this month, mobile training teams will fan out across the Army to pave the way for full integration.
http://www.myguidon.com/index.php?option=com_content&task=view&id=21679&Itemid=39

 

Cyber-attack risk on nuclear weapons systems ‘relatively high’ – thinktank
It blames this partly on failure to keep up with fast-moving advances, lack of skilled staff and the slowness of institutional change. “Nuclear weapons systems were developed before the advancement of computer technology and little consideration was given to potential cyber vulnerabilities. As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems,” the authors of the study said.
https://www.theguardian.com/technology/2018/jan/11/cyber-attack-risk-on-nuclear-weapons-systems-relatively-high-thinktank

 

Commentary: How Blockchain Could Replace Social Security Numbers
To get blockchain ready for primetime, collaboration between the private and public sectors will be critical. Project Jasper, a joint effort between the private sector and Canada’s central bank and payment systems operator over the past two years, is a good example of this type of work, and is a blueprint that the U.S. should follow if we ever want to see blockchain become a viable Social Security number replacement.
http://fortune.com/2018/01/11/blockchain-technology-social-security-number-cybersecurity-identity-theft/

 

An Ounce of Prevention?
This type of data exposure will not stop until those affected, all of us, band together and demand better security from companies that use our data. Many of these companies are, or believe they are, untouchable. We trust these companies with our most valuable assets, our financial, legal, medical, and personal secrets. Until companies handle this sensitive data as if it was their own, we are vulnerable to the worst kind of assault.
https://spf.kitsapgov.com/Documents/OunceofPrevention.pdf

 

Mead Challenges Girls To Pursue Cybersecurity
The governor has announced Wyoming will now participate in the “High School Girls CyberStart Challenge” — a cybersecurity competition for juniors and seniors in the form of an online game. In the simulation, players are cyber agents responsible for protecting a base. The idea is to get girls interested in the cybersecurity field, where women are generally underrepresented.
http://wyomingpublicmedia.org/post/mead-challenges-girls-pursue-cybersecurity

 

Demand for cybersecurity talent rises sharply
Translation: Stop banging your head against the wall looking for the same people in the same places, where you’re not likely to find them. There are numerous pockets of prospective candidates for employers to consider — which includes women and minorities, IT workers with an interest in crossing over to security, young people with criminal justice degrees, law enforcement personnel, and a myriad of others.
https://www.csoonline.com/article/3247667/it-careers/demand-for-cybersecurity-talent-rises-sharply.html

 

U.S. House passes bill to renew NSA internet surveillance program
Some conservative, libertarian-leaning Republicans and liberal Democrats attempted to persuade colleagues to include more privacy protections. They failed on Thursday to pass an amendment to include a requirement for a warrant before the NSA or other intelligence agencies could scrutinize communications belonging to an American whose data is incidentally collected.
https://www.theglobeandmail.com/news/world/us-politics/trump-targets-then-backs-surveillance-program-in-tweets-ahead-of-vote/article37571485/

 

Filibuster threat means Trump needs Senate Democrats to pass spying bill
The bill that passed the House enjoys support from Republican leaders in the Senate and is likely to get support from most Republican senators. But a few Republicans—including Paul and Sen. Mike Lee (R-Utah)—have expressed skepticism of unfettered NSA surveillance. And Wyden and Paul’s filibuster threats mean that it will take 60 votes to pass the legislation. As such, the bill will need support from as many as a dozen Democrats to pass the Senate.
https://arstechnica.com/tech-policy/2018/01/as-house-passes-surveillance-bill-wyden-and-paul-vow-filibuster/

 

Secret Evidence and the Threat of More Warrantless Surveillance
As suggested by Human Rights Watch’s new report on secret evidence in US criminal cases, the government may be concealing its use of Section 702 surveillance by deliberately creating an alternative explanation for how it gathered evidence – a practice known as “parallel construction.” Despite having run massive programs under Section 702 for years, the government has apparently notified fewer than a dozen defendants that it drew on this surveillance during the investigations in their cases.
https://www.hrw.org/news/2018/01/11/secret-evidence-and-threat-more-warrantless-surveillance

 

Microsoft encryption announcement a first step towards protecting privacy
Responding to Microsoft’s announcement that it is rolling out a preview of end-to-end encryption for some Skype users, Joshua Franco, Head of Technology and Human Rights at Amnesty International, said: “Today Microsoft has taken an important first step towards upholding its human rights responsibilities. Encryption is a vital tool for protecting internet users’ rights to privacy and freedom of expression, but Amnesty’s research has shown that an alarming number of companies are leaving users exposed.
https://www.amnesty.org/en/latest/news/2018/01/microsoft-encryption-announcement-a-first-step-towards-protecting-privacy/

 

How Blockchain Will Restore Digital Trust In 2018 And Beyond
This distributed network provides incredible protection capabilities because “blocks” are not added to the chain without consensus on their validity. In 2018, blockchain will evolve through a huge consolidation of solutions that leverage blockchain-as-a-service (BaaS). With BaaS, individuals and businesses can inject tangible and traceable data-authenticity benefits into their systems.
https://www.forbes.com/sites/forbestechcouncil/2018/01/11/how-blockchain-will-restore-digital-trust-in-2018-and-beyond/#5872bf665763

 

How Getting Hit by a Bus Can Improve Your Cybersecurity
In the current environment of constant data emergency where one giant breach crashes into another like cars in a highway pile-up, and the security of data and the privacy of individuals is how you make a living, every waking moment (and even your dreams) can feel pretty perilous. The fact is, when it comes to cybersecurity, we are always occupying that moment just before the bus hit my Uber (a company that was, of course, recently “hit” by news of the mismanagement of a major data compromise). Finally, the seatbelt is worth talking about.
https://www.inc.com/adam-levin/how-getting-hit-by-a-bus-can-improve-your-cybersecurity.html

 

This Will Make You Uncomfortable: The Cybercriminal Who Secretly Watched Us for 13 Years
According to grand jury documents, he wrote malicious computer code as a teenager that could secretly turn on your computer’s microphone and camera, live-stream the images and sound to his own system, and then save it for later. And he set triggers that would alert him when his targets were doing something he was interested in. Prosecutors say he was able to collect and store millions of things from victims around the world: tax records, medical records, bank records, internet searches performed, and video and audio files.
https://www.secureworldexpo.com/industry-news/true-cybercrime-story

 

One third of Britons would apply to be a money mule
The fake job ad stated that the employee would be working three to five hours remotely from home for a company named Money Spark and they would have to work on administrative and financial support activities across the wider financial and cost teams. Alarmingly, one in four who were shown the advert said they would leave their current job to join Money Spark before they knew that the ad was fake and of the 2,000 people who participated in the study, only 15 percent correctly guessed that it was for a money mule.
https://www.scmagazine.com/one-third-of-britons-would-apply-to-be-a-money-mule/article/736424/

 

Someone Hacked Cops’ Radios and Forced Them to Listen to N.W.A.’s F*ck Tha Police Repeatedly
The Otago Daily Times, a local paper, reported Tuesday that the “interference” was heard on police radios around 3 pm on Monday but that “it was also repeated several times over the weekend.” […] The song also goes on to criticize stop-and-frisk-type tactics and arbitrary arrests while fantasizing about violence against officers. It focuses on the Los Angeles Police Department (LAPD), a force with a longstanding history of brutality and corruption, and even prompted the FBI to target the rap group.
http://theantimedia.org/hacked-radio-fuck-tha-police/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.