IT Security News Blast 03-20-2018

MDR versus MSSP versus EDR

MDR vs. MSSP vs. SIEM — InfoSec Acronyms Explained
MDR, MSSP, SIEM, EDR, etc. — the world of managed IT security has far too many acronyms, each of which represents a different product or service. Below, we’ll unwrap some of the most common acronyms, describe what their related services entail, and provide examples of typical organizations that utilize these services.

Cybersecurity in healthcare ails from lack of IT talent
Brian Wells, chief technology officer at Merlin International, said a healthcare cybersecurity IT shortage is probably due to many hospitals’ inability to meet the pay rates of the financial services sector, which is generally protected by considerably more robust cybersecurity than healthcare. Some 79% of the respondents said they find it difficult to recruit security personnel, and 74% said they don’t have enough staff. “The big hospitals are probably OK with attracting people and paying for the software and technology, but the smaller ones just aren’t,” Wells said.

DHS: Some GE Imaging Devices Are Vulnerable
In a March 13 advisory, DHS’s Industrial Control Systems Cyber Emergency Response Team says independent researcher Scott Erven contacted the agency regarding the potential use of default or hardcoded credentials in certain GE Healthcare imaging products. “Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices,” the alert notes.

The biggest security challenges in working with third-party vendors, and how to avoid them
“Authority to purchase IT and IT security impacting assets tends to exist within a wide spectrum of involved employees and management levels without the proper governance to trigger additional, standardized risk management controls,” he explained. “The trick in remediating external risks is to require and impose standardized procurement processes. The attempt is to specifically halt or limit ‘shadow IT’ and ‘unauthorized, wasteful and/or unnecessary spend.’” Second, an effective, holistic vulnerability and configuration management program without question is the most challenging to the industry, Stanton said.

HHS CISO Wlaschin resigns
Wlaschin was involved in the late-2017 removal of two HHS officials, Leo Scanlon and Maggie Amato, who led the government’s Healthcare Cybersecurity and Communications Integration Center, a repository of cybersecurity information. Notably, the center helped share information during the WannaCry ransomware attack last May. According to Scanlon, he and Amato were ousted after HHS employees badmouthed the pair due to disagreements about the center. There had also been anonymous complaints that the two were bribed into creating outside contracts with HHS—actions that the two deny.

Cyber attacks: the risks of pricing digital cover
Stephen Hester, chief executive of UK based RSA, has similar views. “We have mixed feelings about [cyber insurance],” he says. “Our job is to protect clients from things they are worried about, but it is incredibly unpredictable.” One executive goes even further. He says the system of annual policies is ill-suited to a risk that changes so quickly. He predicts that cyber insurance is “a disaster waiting to happen” for those who do not fully understand what is at stake.

Growth of Crypto-Assets May Threaten Financial System, FSB Says
In his G-20 letter, Carney said the FSB would look for metrics and gaps in data to help monitor the growth of crypto-assets and identify emerging threats to financial stability. For now, crypto-assets don’t pose risks to financial stability, partly because they are still small relative to the financial system. Even at their recent peak, their combined global market value was less than 1 percent of global economic output, the FSB said. In addition, the assets aren’t substitutes for currency and aren’t much used for financial transactions, limiting their links to the rest of the financial system.

Auditor Finds Infosec Weaknesses in Most FBI Domains
There are weaknesses in six out of the FBI’s seven information security domains, according to an independent auditor that recommended 38 separate fixes. The findings were only released in a brief summary because of concerns hackers might capitalize on them. […] Because the audit, performed by the consultant KPMG, does not provide many details, it’s impossible to assess the severity of the agency’s weaknesses or the urgency of the report’s recommendations.

Toe-to-toe with the Roosskies
A good example of the current Russian mindset is its repeated disregard for international norms, laws, and international treaties (for one, the Chemical Weapons Convention, ratified by Russia and entered into force in 1997). Russia’s blatant dismissal of UK Prime Minister May’s threats of sanctions over a March 2018 attempted nerve-gas murder in England was not only a diplomatic faux pas, but Cold War-style jackassery of the worst kind.

Britain’s data regulator is getting a warrant to raid Cambridge Analytica and seize its servers
The news comes after Channel 4 ran an exposé on Cambridge Analytica, where the firm’s CEO was secretly filmed offering to entrap politicians with bribes and sex workers on behalf of a client. That report, in turn, came just days after CA was suspended from Facebook over a data incident in which it collected information on around 50 million US voters without their knowledge or consent. CA was contracted by Donald Trump’s presidential campaign, and the Brexit Leave campaign, in 2016. After a whistleblower came forward and as The Guardian and The New York Times were preparing to publish exposés, Facebook said on Friday that the data it used for ad targeting was improperly obtained and shut it down.

‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower
We are still only just starting to understand the maelstrom of forces that came together to create the conditions for what Mueller confirmed last month was “information warfare”. But Wylie offers a unique, worm’s-eye view of the events of 2016. Of how Facebook was hijacked, repurposed to become a theatre of war: how it became a launchpad for what seems to be an extraordinary attack on the US’s democratic process.

After Cambridge Analytica, politicians must act to save the web
But before we blame everything on the platforms, we should examine our collective complicity too. We humans are more responsible than the bots for fanning false news and boosting the market value of lies. A recent study, published in Science, found that flesh and blood users enthusiastically spread false news because it was more novel or elicited stronger emotional responses, such as surprise, disgust or fear. In a study of thousands of “information cascades” on Twitter between 2006-17, the researchers found that it took the “truth” about six times as long as “falsehood” to reach 1,500 people.

Trump Loved Hacks. But Now They’re Hitting His People — And Anyone Could Be Next.
“Everyone involved in politics — whether you’re on a more state-focused campaign or national — you’re going to be heavily targeted, especially seeing the success of what happened,” said Ben Johnson, a former cybersecurity specialist at the National Security Agency. “Everyone is a target, from the intern to the candidate.” Hillary Clinton’s aides and allies warned that they weren’t the first, and wouldn’t be the last, to be hurt by politically motivated hacking and that the U.S. government should take the threat seriously.

Preparing for the looming battle of AI bots
Adversarial artificial intelligence is often used in two scenarios: (1) gaming defensive AI techniques to find and exploit their weaknesses or blind spots, or (2) using AI for offensive cyber operations. In this article, the focus is on using AI for offensive cyber operations. Having said that, developers of defensive AI solutions need to be especially cognizant of failure modes in their approaches such as catastrophic failures due to homogeneous training sets, or simply the law of large numbers that states many pedestrian attacks will get past machine learning approaches because most are simply statistical estimators of a function, not a hard and fast rule.

Cyber security jobs: Job descriptions, requirements and salaries for today’s hottest roles
The effectiveness of any security-focused job depends on clear definitions of roles and strong communication up and down the line as to the tasks and responsibilities for which each player is responsible. Job hunters will also want to see a well-defined job description. Crafting a good cyber security job description is a big challenge, because each company has different needs and has its own expectations for each role on the security team.

Women headed to front lines in cybersecurity
As the list of high-profile cyber attacks grows longer and companies strive harder to protect their customers’ personal information, there is a surging demand for information security professionals, a need that women can help meet. “More companies are seeking diverse candidates for security leadership positions,” said Julie Talbot-Hubbard, data, analytics and insights leader at Magellan Health. “There are numerous studies that have been done illustrating the benefits companies have realized — including improved performance — when they have a diverse workforce.”

Rights groups oppose CLOUD Act, citing privacy, human rights compromises
The CLOUD Act backdoor “operates much in the same way” as provisions under Section 702 of the FISA Amendments Act that let police “search, read and share” private communications without obtaining a warrant, the post states. Essentially, “U.S. police could obtain Americans’ data, and use it against them, without complying with the Fourth Amendment.” American Civil Liberties Legislative Counsel Neema Singh Guliani wrote in a blog post that the act “would empower Attorney General Sessions in new disturbing ways,” and warned that “some members of Congress may be working behind the scenes to sneak it into a gargantuan spending bill that Congress will shortly consider.”

Cybersecurity By The Numbers: Market Estimates, Forecasts, And Surveys
68: percent of cybersecurity professionals that say their CEO demands DevOps and security teams not do anything that slows the business down (ThreatStack).
68: percent of senior IT professionals that say their boards of directors are not being briefed on what their organizations are doing to prevent or mitigate the consequences of a cyber attack (Raytheon and Ponemon Institute).

Cybersecurity Threats And Opportunities In A Digitally Transformed Water Utility Industry
“Conservative attitudes toward emerging technology notoriously frustrate innovation and adoption rates in the municipal water industry. Concerning the increasing digitization and exposure of water networks, however, cybersecurity solutions must not be allowed to follow the same slow adoption curve,” said Cutler. “Water utilities must learn more about how they can quickly and efficiently protect their systems against new threats and exposure.”

Prilex ATM Malware Modified to Clone Chip-and-Pin Payment Cards
Now, the Brazil-based Prilex group has developed infrastructure that creates card clones. It was quite easy for the firm since in Brazil there is a faulty implementation of the EMV [PDF] standard and therefore, all the data that goes through the approval process remains unverified. It is also worth noting that these cloned cards are compatible with almost all POS systems in Brazil.

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.