IT Security News Blast 1-11-2017

Ransom is the #1 motivation behind cyber attacks

In addition 55 percent say that IoT complicates their detection or mitigation requirements as it increases the surface of the attack landscape. While massive DDoS attacks made headlines in 2016, Radware’s research shows that attacks of more than 50 Gbps made up just four percent of attacks experienced. […] “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data”.

Hacker tool psychologically profiles Trump by his tweets

Jester’s tool, called Internet AWACS, or iAWACS, lets you chart when and how frequently tweets, the tone and mood of their tweets, and the geolocation. The tool also does much more, such as tracking live-shooter situations, keeping tabs on jihadis, and more. […] The tool has determined that Trump’s morning Twitter storms tend to happen between the 5 o’clock and the 7 o’clock hour. One can also glean that Trump goes to bed by 11ish, and wakes up around 5am or 6am. […] It was particularly weird/disturbing to find Trump’s exact location within Trump Tower, to within one meter of his exact location (I’m told). You’d think this might not be the wisest thing for Trump to be divulging, his exact location within a meter.

Mobile Security Turns Into Big Business for Cyber Firms

In response, a new market segment is emerging within the cyber-security field that involves companies that detect and mitigate attacks on mobile devices. In a recent research report, Gartner dubbed this new field “mobile threat defense,” and described a range of services—including scanning for risky apps and threatening WiFi networks—that the firms are offering. Since more workers now use their personal devices for work purposes, the firms’ services often involve supplying a security app for employees to install on their iOS or Android phone.

Someone stole $3.6M from a Miami bank; officials oblivious for 6 months

According to reports, malicious cyber-criminals were stealing cash from the bank since the summer of 2016 and the theft remained unnoticed until now. Too late now since the bank has already lost $3.6 million. It is being speculated that somebody was stealing money from the City Hall’s bank accounts through rerouting the automatic transactions, which were actually meant to be received by vendors or being sent to pay government bills. Such payments are made automatically just like you set up your account to pay your utility bills automatically.

A Few States Now Actually Help You Figure Out If You’ve Been Hacked

Many are unaware of the risks at all. Transparent state records certainly do not resolve these issues, but can act as a consistent source of reliable data. Posting easily available public records also provides an incentive for companies to proactively prioritize cybersecurity so they don’t have to endure the embarrassment of being listed. Massachusetts joins California, Indiana, and Washington in making this data public.

Shamoon disk-wiping attackers can now destroy virtual desktops, too

According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to include legitimate credentials to access virtual systems, which have emerged as a key protection against Shamoon and other types of disk-wiping malware. The actor involved in this attack could use these credentials to manually log into so-called virtual management infrastructure management systems to attack virtual desktop products from Huawei, which can protect against destructive malware through its ability to load snapshots of wiped systems.

Deal: Georgia at forefront of cyber security with new state-owned center slated for Augusta

“And soon, we will begin construction on another tool in our arsenal for security and economic development in the form of the Georgia Cyber Innovation and Training Center,” Deal said. “This will be a state-owned facility designed to promote modernization in cybersecurity technology for both private and public industries. In conjunction with the Department of Defense and NSA, this invaluable resource will put Georgia at the pinnacle of efforts to enhance American cybersecurity in the public and private arenas.”

Top 9 ethical issues in artificial intelligence

  1. Unemployment. What happens after the end of jobs?
  2. Inequality. How do we distribute the wealth created by machines?
  3. Humanity. How do machines affect our behaviour and interaction?
  4. Artificial stupidity. How can we guard against mistakes?
  5. Racist robots. How do we eliminate AI bias?
  6. Security. How do we keep AI safe from adversaries?
  7. Evil genies. How do we protect against unintended consequences?
  8. Singularity. How do we stay in control of a complex intelligent system?
  9. Robot rights. How do we define the humane treatment of AI?

2017 Predictions: Convergence of mobile, payments and security in 2017

While authentication technologies help verify the user, they do not solve the issue of potentially making the sensitive data accessible to others. Organizations must think about not only how to authenticate users, but also how to secure highly sensitive personally identifiable information and other potentially “toxic” information while still providing access to that data for analytics, insights and innovation. Format-preserving encryption, which does not break the value of data – the relationships, context, format and meaning – but de-identifies sensitive information, complements authentication technologies to enable secure access.

Practical Uses of the Internet of Things in Government Are Everywhere

But strip away the label of “IoT” and you’ll find dozens of interesting projects that use connected devices to increase efficiency, lower costs and even save lives. For example, the Lower Colorado River Authority (LCRA) started deploying sensors along the Colorado River in Texas decades ago to help track stream levels that could lead to floods. Back then “they didn’t realize they were implementing an IoT system,” said John Miri, chief administrative officer of LCRA. “They were just using the tools that were available.”

Two New Edge Exploits Integrated into Sundown Exploit Kit

Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed by a Texas startup was integrated into the Sundown Exploit Kit. The proof-of-concept exploit was developed by Theori, a research and development firm in Austin, which opened its doors last spring. The PoC targets two vulnerabilities, CVE-2016-7200 and CVE-2016-7201, in Microsoft Edge that were patched in November in MS16-129 and privately disclosed to Microsoft by Google Project Zero researcher Natalie Silvanovich.

Backpage shuts down adult section, citing government pressure and unlawful censorship campaign

The extraordinary move came shortly after the release of a scathing U.S. Senate report that accused Backpage of hiding criminal activity by deleting terms from ads that indicated sex trafficking or prostitution, including of children. […] The Senate panel issued the report after an acrimonious investigation. Backpage balked at a subpoena to turn over company materials to investigators, but the panel secured a federal court order to force compliance.

Microsoft Patch Tuesday Bulletin Warns of Critical Flaw

Microsoft warned of one critical Adobe Flash Player bug and three additional vulnerabilities rated as important, as part of its regular Patch Tuesday update. The Microsoft vulnerabilities are tied to Office 2016, its Edge browser and its Local Security Authority Subsystem Service (LSASS). […] Besides applying the requisite patches, Microsoft suggested disabling instances of Adobe Flash Player in Internet Explorer and other applications that honor the kill bit feature, such as Office 2007 and Office 2010.

John McAfee’s 3 major cybersecurity predictions for 2017

“The anti-virus paradigm will finally be seen as a dead paradigm. I invented this paradigm and predicted its demise more than 10 years ago. Every major hack of the American government and American enterprises were protected by multiple anti-virus software products. The world must move to proactive systems that detect the presence of a hacker within milliseconds of the hackers’ entry – months or years before the hacker can plant the malware that [anti-virus] systems can detect.”

McCaul on U.S. Cyber Security: ‘The Enemy Is Winning’

“Anyone can plainly see that a silent war is being waged against us in cyberspace,” McCaul said in his prepared remarks. “We must recognize if we do not shape the world around us, we will be shaped by it.” […] “We must more effectively deter our adversaries from taking advantage of us,” McCaul said. “Without serious consequences, our adversaries will continue to exploit our digital networks and harm our American way of life.”

How the Pentagon is shaping cyber tool use

Shanahan also hit on another facet of the cyber rules discussion: Title 10 war fighting and Title 50 intelligence regulations from the intel community and the National Security Agency. This is especially pertinent as cyber operations and capabilities are becoming more normalized as war fighting capabilities from what was traditionally primarily intelligence. A prime example includes standing up Cyber Command and the recent elevation of the command to a full combatant command.

Gov. Otter Addresses Cyber-security Concerns in State of the State Address

Gov. “Butch” Otter, “Because make no mistake, we got off lucky last time. Cyber-crime and even cyber-warfare are very real and growing threats. The next hack in Idaho target more critical infrastructure, including our electrical grid, industrial control systems, military equipment or even our personal vehicles.” Two world-class research facilities will be built near the Center for Advanced Energy Studies in Idaho Falls. The Cybercore and the Collaborative Computing Center will be financed and owned by the state, but paid for by the INL through lease payments.

Netflix Phishing Campaign Targeted User Information, Credit Card Data

The campaign – now defunct – started with an email informing users they needed to update their account details. From there, victims were brought to a legitimate looking Netflix login page where they were asked their email address and Netflix password. Not content with just getting users’ login credentials, the attacker then directs victims to another form where they’re told they need to update their billing information. Users are encouraged to enter their name, birthdate, address, and credit card information.

Stolen NSA “Windows Hacking Tools” Now Up For Sale!

For those unfamiliar with the topic, The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and “powerful espionage tools” created by The Equation Group. On Saturday, the Shadow Brokers posted a message on their ZeroNet-based website, announcing the sale of the entire “Windows Warez” collection for 750 Bitcoin (around US$678,630). The data dump contains many Windows hacking tools, categorized as follows:

  - Fuzzing tools (used to discover errors and security loopholes)
  - Exploit Framework
  - Network Implants
  - Remote Administration Tools (RAT)
  - Remote Code Execution Exploits for IIS, RDP, RPC, SMB Protocols (Some Zero-Days)
  - SMB BackDoor (Implant)

How to secure MongoDB – because it isn’t by default and thousands of DBs are being hacked

Where MySQL, PostgreSQL, and other relational databases tend to default to local installation and some form of authorization, MongoDB databases are exposed to the internet by default, and don’t require credentials immediately by default. MongoDB’s post explains “how to avoid a malicious attack that ransoms your data,” but it does so by directing database users to take responsibility for configuring the software securely.