IT Security News Blast 03-06-2018

8 Best Practices for Working Remotely
Companies of all sizes are under attack. It is true that threat actors primarily attack large companies, but they may also target small and medium companies. Smaller companies are often more vulnerable and in a connected world, the compromise of a small company or even an individual may lead to the compromise of a larger target. Additionally, broad, untargeted attacks hit all networks, regardless of size. In this threat environment, companies use a combination of prevention, detection, and insurance solutions to mitigate the risk of breach. While good technologies and policies help, the truth is that the very employees who make the business go are a primary avenue of risk.

4 Early Warning Signs Of The Next Financial Crisis
Bair’s four big areas of concern, as discussed with Barron’s: reduced bank capital requirements; soaring private debt; a ballooning federal budget deficit; and massive student loan debt. She also shared opinions on Chinese debt, bitcoin, and cyber risk. Right now, Investopedia’s millions of readers worldwide are extremely concerned about the securities markets, as measured by the Investopedia Anxiety Index (IAI).

The Morning Ledger: Companies Zero in on Cyber Due Diligence as M&A Activity Ticks Up
Companies are intensifying due diligence of acquisition targets to avoid costly cybersecurity surprises[.] Scrutiny will continue as merger and acquisition activity heats up on expectations of extra cash from lower U.S. corporate tax rates. As of late February, 18 transactions valued at more than $5 billion each have been announced — up from 10 such big deals during the same period in each of 2017 and 2016, according to Dealogic.

Budget 2018 Takes Cyber Crime Seriously, And So Should Canadians
The Communications Security Establishment (CSE) will receive more than $155 million over five years to create a new Canadian Centre for Cyber Security that consolidates its cyber expertise in one place. The centre’s mandate provides Canadian citizens and businesses a single place to turn to for cyber security information. The responsibility for investigating cyber crimes remains with the RCMP.

Cyber security, Big Data, AI Top Technologies for Healthcare Firms
“Cyber security (77 per cent), Big Data analytics (72 per cent) and AI (59 per cent) are the three digital technologies most utilised by healthcare firms currently,” Infosys said in its report titled “Digital Outlook for Healthcare and Life Sciences Industry”. […] The motive of the study was not just to identify the technology trends in healthcare and life sciences industries, but also to understand how technology improved their operations, Infosys said in the report.

Healthcare Leaders Admit Serious Gaps in Data Breach Response, Survey Finds
29 percent of respondents did not know what actions an organization took once a cyber attack or data breach was resolved. Technology upgrades were seen by 15 percent of respondents and training was improved at another 14 percent. Staffing or leadership were changed in a combined 17 percent of respondents’ organizations. Another 24 percent responded that they didn’t have a breach.

Most healthcare organisations have been breached, report shows
Out of the 70% that have been breached so far, the report reveals 36% have been breached in the past year alone, and that as a result 55% of respondents feel “very” or “extremely” vulnerable to data breaches. According to the report, while digital transformation is enabling better healthcare through increased efficiency at lower cost, at the same time it is introducing more security risks through the use of cloud, big data, internet of things (IoT) and containers to create, manage and store data.

Patient safety ripe for investment, Frost & Sullivan says
The report authors also suggested remote healthcare technologies, including the Internet of Medical Things (IoMT) and increased healthcare data exchanges will lead to higher cybersecurity risks, including compromised protected health information and medical device/implant data breaches.

Public Sector Explores How Artificial Intelligence Might Help with Enhancing Cyber Security Efforts
According to the study, “The Federal Cyber AI IQ Test,” underwritten by IBM, federal IT managers see cyber security as the single biggest opportunity for AI in the federal government. That’s quite a notable finding, given all the potential applications of AI within government operations. […] A large majority of those surveyed (90%) said AI could help prepare agencies for real-world cyber attack scenarios, and 87% said it would improve the efficiency of the federal cyber security workforce.

German Government Hacked
“The alleged Russian cyberattack on the German government is the latest in a long line of cyber war and espionage events, with the German government reported to be hacked by Russians twice in the past three years. These continued cyberattacks teach us that the world is simply not prepared for cyberwarfare. With so much of our life and critical infrastructure online, it’s difficult to imagine the sheer magnitude of potential ways we could be attacked.”

Going Soft: Nation-state attackers seek weaknesses in the system
“The biggest concerns we should have are the ones we don’t know about,” says John McCumber, director of cybersecurity advocacy for ISC(2). The approach of “setting up perimeters and walls… security as it has been practiced for a couple of millennia” is not very effective in the cyber-world, as McCumber and other experts point out. The new approach needs to be “prevent what I can’t detect and detect what I can’t prevent,” he adds.

Russia’s Fancy Bear Hacks its Way Into Montenegro
Over the last two years, Montenegro authorities have recorded a sharp rise in the number of cyber attacks, mostly targeting state institutions and media outlets. From only 22 such incidents in 2013, almost 400 were recorded in only nine months of 2017, official data obtained by CIN-CG/BIRN show. Not all are related to malware viruses or attacks on state institutions, and not all the attacks can be attributed to Fancy Bear. But many of the attacks are believed to be linked to the tiny Adriatic country’s decision to join NATO, which infuriated the country’s old ally, Russia.

Hacking operation uses malicious Word documents to target aid organisations
Dubbed Operation Honeybee based on the name of lure documents used during the attacks, the campaign has been discovered by security researchers at security company McAfee Labs after a new variant of the Syscon backdoor malware was spotted being distributed via phishing emails. The malware – which appears to use a modified version of the original Syscon first observed in August – can be used to create a backdoor into the infected system, which can then be used to spy on the PC and allow attackers to steal data.

The Iranian Cyberthreat
On one hand, most analyses describe the Middle Eastern republic’s offensive cyber capabilities as fractured, decentralized, and inferior to those of the U.S., Russia, and China. On the other hand, Iran’s cyber forces are known to be persistent and opportunistic, and have become adept at infecting sloppy organizations whose employees and IT professionals don’t follow recommended security practices.

Fighting fake news: Caught between a rock and a hard place
As many experts are warning, ‘fake news’ is becoming a weaponised, politicised term, applied to everything from genuine hoaxes to merely disputed opinions. To further confuse things, hate speech, propaganda, and even satire seem to be falling under this umbrella. Measures to fight fake news must therefore choose a definition from this spectrum. A strict definition of ‘fake news’ would only target completely fabricated information, spread with intent to influence public opinion. A good example would be the story that claimed that Pope Francis had endorsed Donald Trump.

LTE security flaws could be used for spying, spreading chaos
The exploits discovered by the Purdue/Iowa team go beyond simple location tracking. One exploit allows tracking of a target by just using a phone number, sending a phone call while simultaneously blocking call notification by hijacking the target’s paging network connection. Another attack allows a malicious device to pose as the target device through an “authentication relay” attack before sending its own location data and other messages to distort carrier location data logs.

New Tools Make Checking for Leaked Passwords a Lot Easier
For the worried ones, the Pwned Passwords service also allows users to search the HIBP database using the SHA1 hash of your desired password, making the process a little bit more secure. The service is incredibly useful because even if your account was never hacked and compromised, that doesn’t mean you’re not using a weak password or a password that was also used by someone else who had his account compromised.

Millions of Office 365 Accounts Hit with Password Stealers
In this case, users are hit with the password stealer when they download and open the malicious document. When the document opens, a macro inside launches PowerShell, which acts in the background while the victim views the document. […] “What they do is they rotate the content of the email; they rotate sender information,” he continues. Signature-based systems won’t catch these messages because changing the characteristics of malicious emails changes their fingerprint.

Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months
Individuals and businesses are becoming cryptojacking “victims as a result of adware, cracked games and pirated software used by cybercriminals to secretly infect their PCs,” researcher authors note. “Another approach used was web mining through a special (JavaScript) code located in an infected web page. The most widely used web miner was Coinhive, discovered on many popular websites,” researchers said.

Attention hacking is the epidemic of our generation…
Why is capturing your attention so important? Because selling eyeballs to advertisers is, by far, their main source of revenue:
100% for Snapchat (sponsored lenses, geo-filters, stories & discover ads)
98% for Facebook (sidebar ads, sponsored stories & promoted posts)
87% for Google (Adwords & Adsense)
86% for Twitter (promoted tweets, accounts and trends)
To put it bluntly, the job of internet media is to sell advertisers “available human brain time”. You shouldn’t be surprised that, in 2017, the average internet user spends 15% of his awake life on social networks.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.