IT Security News Blast 03-15-2018

New Cyber Threats Every Minute

What the CareFirst Data Breach Decision Means for Healthcare
“Respondents downplay the significance of the D.C. Circuit’s conclusion despite a rising tide of data breach class actions,” CareFirst said. “Should the Court leave the D.C. Circuit’s opinion undisturbed, any individual who pleads that her data was exposed in a breach will be able to maintain a lawsuit against the company that held that data, even if the plaintiff suffered no harm whatsoever.”
https://healthitsecurity.com/news/what-the-carefirst-data-breach-decision-means-for-healthcare

500 new cyber threats emerge every minute
An average of almost 500 new threats were discovered every minute in Q4 last year, McAfee Labs’ quarterly Threats Report revealed yesterday, with huge spikes in cryptocurrency attacks, Mac malware and attacks against healthcare. “Our research reveals a 211% surge in disclosed security incidents against the healthcare industry last quarter,” said Nigel Hawthorn, McAfee’s data privacy expert for cloud security.
http://www.alphr.com/security/1008802/500-cyber-threats-every-minute

Stronger Healthcare Cyber Hygiene Can Improve Patient Safety
Certain healthcare providers have limited resources when it comes to cybersecurity, AEHIS stated. The increasingly connected healthcare infrastructure puts greater pressure on organizations to have strong cyber hygiene to keep data secure. Better IT infrastruture security will also ensure that patient safety remains a top priority.
https://healthitsecurity.com/news/stronger-healthcare-cyber-hygiene-can-improve-patient-safety

Utility Firms Say Cybersecurity Threats Will Have Biggest Impact on Operations
In terms of critical infrastructure protection, the survey found that less than half of respondents have major compliance projects planned for the coming 24 months. This figure has jumped from 28% to 47% since last year though. Bridge Energy Group said: “After over 10 years of CIP Compliance it is surprising that utilities have not yet integrated the concepts of compliance into their cybersecurity programs to reduce exposure to change.
https://www.hstoday.us/uncategorized/utility-firms-say-cybersecurity-threats-will-biggest-impact-operations/

Cyber threats force US clearing house on to cloud
The US options clearing house clears more than 460m trades a month for the US options markets, as well as some emerging cryptocurrency futures. DTCC, the main US securities clearing house, last year said cloud computing had reached “a pivotal point” because they were now more secure, cheaper and sophisticated than in-house IT systems.
Mr Davidson said the move was prompted in part because it was hard to match the investments of the big technology companies.
https://www.ft.com/content/f61770b4-2784-11e8-b27e-cc62a39d57a0

U.S. military cyber commanders call for going on the attack
Several senior U.S. military commanders called for the nation’s cyberforces to go on the attack during a March 13 Senate Armed Services Subcommittee on Cybersecurity hearing. […] Sen. Bill Nelson, D-Fla., expressed concern to the military leaders about the ongoing Russian efforts to interfere in the U.S. election process through cyberattacks. Weggemen said he is concerned about the future health of American democratic institutions if “we don’t attack.”
https://www.scmagazine.com/us-military-cyber-commanders-call-for-going-on-the-attack/article/750901/

Lawmakers to generals: Tell us the policies you need to launch cyberattacks
“I would really appreciate it if there are things we could add to the [National Defense Authorization Act (NDAA)] this year, to give you more tools, to recruit and retain … we have got to up our game in cyber warfare,” McCaskill said. “If there are specific things we could do to give you additional flexibility or tools I’d really appreciate it if you would share them with us before we begin our consideration of the NDAA this year.”
https://www.cyberscoop.com/us-cyber-command-hacking-operations-government-funding/

NSA Retreats From Targeted PCs If They’re Already Infected by Other APT Malware
This utility, going by the codename of “Territorial Dispute,” is meant to alert NSA operators about the presence of other cyber-espionage hacking groups on a compromised computer and allows an NSA operator to retreat from an infected machine and avoid further exposure of NSA hacking tools and operations to other nation-state attackers.
https://www.bleepingcomputer.com/news/security/nsa-retreats-from-targeted-pcs-if-theyre-already-infected-by-other-apt-malware/

Talk of cyber attacks “serious concern”, Russian embassy in London says
The Russian Embassy in London said Tuesday that talk of cyber attacks is a “serious concern”, and urged Britain to carefully consider the consequences of such attacks. The Russian Embassy in London made the statement in response to media reports that Britain could launch a cyber attack against Russia. Meanwhile, the embassy urged Britain to carefully weigh the consequences of such action.
http://www.globaltimes.cn/content/1093212.shtml

British cyber option to punish Russia prompts fear of ‘electronic war’
Not only does Moscow boast one of the world’s most advanced cyberwarfare programs, they said, in the event of a major British attack, Russian President Vladimir Putin is almost certain to hit back in kind, prompting a spiral of retaliation that could escalate into full-blown electronic war. “The Russians have got vast capability on this [the cyber front], both state-organized agencies plus all the mafia elements who are linked in with them[.]”
https://www.politico.eu/article/british-cyber-option-to-punish-russia-prompts-fear-of-electronic-war/

APAC security chiefs expect imminent attack on critical systems
According to the survey conducted ahead of Black Hat Asia in Singapore, 52% of nearly 100 respondents either “strongly agree” or “somewhat agree” that such an attack would happen in their own country in the next two years. An even greater proportion (67%) believed that an attack affecting critical infrastructure across multiple Asian countries will happen in the same period.
http://www.computerweekly.com/news/252436780/APAC-security-chiefs-expect-imminent-attack-on-critical-systems

Two East Asian APT groups stage cyber-espionage attacks
According to investigations by Kaspersky Lab, the PlugX malware has been detected in pharmaceutical organisations in Vietnam, aimed at stealing precious drug formulas and business information. Meanwhile, Eset researchers have discovered a new backdoor attack campaign from APT hacking group, OceanLotus, that has its sights set on high-profile corporate and government targets in Southeast Asia, particularly in Vietnam, the Philippines, Laos, and Cambodia.
https://www.scmagazineuk.com/two-east-asian-apt-groups-stage-cyber-espionage-attacks/article/751088/

China-Linked Cyberespionage Group APT15 Stole Military Tech Secrets From UK Government
“Espionage by foreign governments should not come as a shock to anyone, these days. False Flags, double bluffs and blatant denials should also be expected. These attack tools have been associated with a group that targeted foreign affairs ministries in the past. We do not know if the attack is limited to the UK at this point. The wide range of tools used suggests a requirement for many capabilities in the target network; from this, we can infer that intellectual property was the target of the attack[.]”
http://www.ibtimes.com/china-linked-cyberespionage-group-apt15-stole-military-tech-secrets-uk-government-2662486

Calif. weighs toughest net neutrality law in US—with ban on paid zero-rating
The bill would also try to prevent interconnection payment disputes that harm Internet service quality—such as those between Netflix and major ISPs in 2013 and 2014. […] “The [California] bill prohibits ISPs from blocking, speeding up or slowing down websites, applications, and services; charging online companies for access to an ISP’s customers and blocking those that do not pay; and from entering into deals with online companies to put them in a fast lane to the ISP’s customers,” van Schewick wrote today.
https://arstechnica.com/tech-policy/2018/03/att-and-verizon-data-cap-exemptions-would-be-banned-by-california-bill/

Samba settings SNAFU lets any user change admin passwords
That’s the gist of an advisory warning that “On a Samba 4 Active Directory domain controller (AD DC) any authenticated user can change other users’ passwords over LDAP, including the passwords of administrative users and service accounts.” […] There’s some good news in the form of this simple workaround samba_CVE-2018-1057_helper –lock-pwchange that turns off the mistakenly loose password-setting permissions. Once you’ve done that, visit samba.org/samba/security/ to download patched Samba versions 4.7.6, 4.6.14 and 4.5.16 to fix recent releases.
https://www.theregister.co.uk/2018/03/14/samba_password_bug/

Forensic Analysis of Digital Media – 4 Methods Explained
Imagine your computer getting infected with malware or getting compromised, and you suspect evidence of a crime that you’d like to see prosecuted. After taking the necessary steps to securely obtain a forensically-sound and legally-defensible image, we must conduct an analysis to determine the suspected series of events. While true forensic methodologies can be extremely time-consuming and complex, let’s discuss four of the most common techniques and methodologies used during an image analysis.
https://criticalinformatics.com/resources/blog/forensic-analysis-of-digital-media-4-methods-explained

AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips
Israel-based CTS-Labs said that it has discovered 13 critical vulnerabilities and exploitable backdoors that impact AMD’s EPYC server, Ryzen workstation, Ryzen Pro and Ryzen mobile lineups. CTS-Labs  said it has shared this information with AMD, Microsoft and “a small number of companies that could produce patches and mitigations” – but said there are no known fixes at this time.
https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/

SEC charges former Equifax U.S. CIO with insider trading related to data breach
“The SEC alleges that before Equifax’s public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million.  According to the complaint, by selling before public disclosure of the data breach, Ying avoided more than $117,000 in losses,” the SEC said in a statement.
https://www.scmagazine.com/sec-charges-former-equifax-us-cio-with-insider-trading-related-to-data-breach/article/751109/

What is security’s role in digital transformation?
As IT and business fast-track initiatives like agile and DevOps to improve speed to market, security’s role is confined to asking questions afterwards about the knock-on impact on risk and security. In short, digital transformation is so rooted in giving value to the customer (or equivalent) that little consideration is giving to the impact on core security functions. The rise in data breach and vulnerability figures has led some to suggest that security-less digital transformation leaves organizations at greater risk.
https://www.csoonline.com/article/3260637/security/what-is-securitys-role-in-digital-transformation.html

Sexual predator crackdown in LA County underway, cyber ‘patrols’ on the job
Working in partnership with Demand Abolition, a nonprofit organization focused on eradicating the demand for commercial sex, sheriff’s deputies post ads to make contact with would-be buyers. Once phone contact is made, detectives identify themselves as members of the sheriff’s Human Trafficking Bureau, advise the caller that solicitation is a crime and offer referrals to sex addiction treatment. Investigators also use electronic “bots” to send text messages to buyers to let them know their activity is illegal, exploitive and no longer anonymous.
https://mynewsla.com/crime/2018/03/13/sexual-predator-crackdown-in-la-county-underway-cyber-patrols-on-the-job/
====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.