IT Security News Blast 1-16-2017

The Hidden Trade in Our Medical Data: Why We Should Worry

Companies that have nothing to do with our medical treatment are allowed to buy and sell our health care data, provided they remove certain fields of information, including birth date, name and Social Security number. […] “It’s very difficult to protect data from re-identification through most processes that are used to anonymize it[.] It is getting easier and easier because of the amount of electronic publicly available data and the amount of analytic engines to turn through it.”
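The re-identification point above can be measured rather than argued. The following is an added example, not code from the article or from any of the companies it describes: it takes a constructed set of health records from which name, birth date and SSN have already been removed and computes their k-anonymity over the quasi-identifiers that survive (ZIP, birth year, sex). A class size of k = 1 means a record can be singled out by linking those three fields against a public source such as a voter roll. The record set, the field names and the generalization rule are all assumptions made for the illustration.

```python
"""
Added example (not from the article): measure how identifiable a
"de-identified" health record set still is once the direct identifiers
(name, date of birth, SSN) have been dropped.

The records are constructed for illustration. The quasi-identifiers
(zip, birth year, sex) are the kind of fields that survive typical
de-identification and can be linked against public data.
"""
from collections import Counter

# Constructed sample: direct identifiers already removed, as the
# de-identification described in the article would do.
RECORDS = [
    {"zip": "02139", "birth_year": 1964, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "birth_year": 1964, "sex": "F", "diagnosis": "migraine"},
    {"zip": "02139", "birth_year": 1968, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02142", "birth_year": 1980, "sex": "M", "diagnosis": "hypertension"},
    {"zip": "02142", "birth_year": 1980, "sex": "M", "diagnosis": "flu"},
    {"zip": "02141", "birth_year": 1963, "sex": "M", "diagnosis": "hiv"},
]

# Fields that are not identifiers on their own but become one in combination.
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")


def equivalence_classes(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Group records by their quasi-identifier tuple and count each group."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in records)


def k_anonymity(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """The dataset is k-anonymous for the smallest class size k.
    k == 1 means at least one record is unique on the quasi-identifiers,
    i.e. re-identifiable by linkage with an outside dataset."""
    classes = equivalence_classes(records, quasi_identifiers)
    return min(classes.values()) if classes else 0


def unique_records(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Return the quasi-identifier tuples that pin down exactly one record."""
    classes = equivalence_classes(records, quasi_identifiers)
    return sorted(key for key, n in classes.items() if n == 1)


def generalize(records):
    """One generalization step (an assumed rule for the example): coarsen
    the zip to its first three digits and the birth year to a decade.
    Coarsening like this is what it takes before the data stops singling
    people out; dropping only names and SSNs does not."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:3] + "**"
        g["birth_year"] = (r["birth_year"] // 10) * 10
        out.append(g)
    return out


if __name__ == "__main__":
    print("k before generalization:", k_anonymity(RECORDS))
    print("uniquely identifiable:", unique_records(RECORDS))
    print("k after generalization:", k_anonymity(generalize(RECORDS)))
```

On the constructed records the "anonymized" set has k = 1 (two patients are unique on ZIP, birth year and sex), and only after coarsening the ZIP and birth year does every class hold at least two people. Real datasets need far more aggressive generalization than this, and k-anonymity alone says nothing about attribute disclosure when everyone in a class shares the same diagnosis.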

Possible cybersecurity flaw in heart devices

The Homeland Security Department warned Tuesday about an unusual cybersecurity flaw for one manufacturer’s implantable heart devices that it said could allow hackers to remotely take control of a person’s defibrillator or pacemaker. Information on the security flaw, identified by researchers at MedSec Holdings in reports months ago, was only formally made public after the manufacturer, St. Jude Medical, made a software repair available Monday.

Barts Health NHS Trust hit with “IT attack”

He was not aware of the attack disrupting patient services across the trust’s four hospitals in East London. He would not comment on how the trust was alerted to the attack or how it got onto the trust’s systems. According to HSJ, the attack has infected thousands of files stored on Windows XP computers and parts of the network have been shut down while engineers investigate. It is the second major disruptive cyber-attack on the NHS in the past three months.

Pot dispensary IT director asks for help after tracking system software was hacked

Denver-based MJ Freeway, a medical marijuana “seed-to-sale” tracking software company, experienced a “service interruption” – that turned out to be a hack – a week ago on January 8. The hack of the point-of-sale system left more than 1,000 retail cannabis clients in 23 states unable to track sales and inventories. Without a way to keep records in order to comply with state regulations, some dispensaries shut down, while others reverted to tracking sales via pen and paper.

Indian banks are waking up to a new kind of cyber attack

The banks in question discovered that their SWIFT systems — the global financial messaging service banks use to move millions of dollars and documents across borders every day — have been compromised to create fake documents. The banks are still unsure about the origin of the attack and the intention of the hackers. It’s learnt that soon after the breaches were reported to the Reserve Bank of India, the regulator last month directed several banks to cross-check all trade documents.

What to Make of Rudy Giuliani’s Cybersecurity Role

Industry pros immediately called into question Giuliani’s digital defense chops, noting that the website advertising his own security and crisis management consultancy, Giuliani Partners, had glaring vulnerabilities. As various computer sleuths pointed out, the site featured little in the way of fortification: an expired cryptographic certification, lack of encryption, an exposed remote login, outdated software and scripting languages, open server ports, and, yes, Adobe Flash, a notoriously insecure bit of software. The site may as well have been a honeypot for hackers.

When Cybersecurity Meets Physical Security

Imagine a major head of state on an official visit to a foreign country or even a visit by the President of the United States to another part of the US. Security forces go to great lengths to construct a physical security cordon and maintain exclusive control over who is able to enter that controlled space. Yet, the growing Internet of Things means that more and more the various objects in that controlled space, from the light bulbs overhead to the elevators to the fire alarms to the traffic cameras are all remotely accessible.

How America Can Beat Russia in Cyber War, Despite Trump

Deterrence is not about punishment, though, but rather it seeks to find pressure points to influence future action. Here the overall weakness of the Russian economy (indeed, it is sad that the US is being bullied about by the world’s 13th largest economy), as well as its oligarchic structure, are choice leverage points. Targeting the financial assets of Putin and his allies, especially those held outside the country in real estate and tax shelters, would be one way to expand this effort. Outing these assets should also be the target of any covert cyber action.

US Marines seek more than a few good men (3,000 men and women, actually) for cyber-war

The Marine Forces Cyber Command has about 1,000 military and civilian staff; this needs to be drastically increased, he said. That may mean withdrawing frontline troops that have the right aptitude, training them in online warfare, and deploying them in the world’s cyber-trenches, for want of a better word. […] Marines have, right now, no military occupational specialty (MOS) for online warfare, he continued. That mil jargon means marines aren’t trained to exploit and compromise enemy computers. They can do signals intelligence and defend computer networks, but they are not taught how to carry out attacks on systems, and this needs addressing.

Obama: Cyber Threats to US Growing Faster Than Government Defenses Against Them

Obama said that even groups without the resources of governments and nations behind them now had the capabilities to wage disruptive cyber attacks. “Not just state actors like Russia and China but non state actors [have the capability to] penetrate core functions in our society,” he said. Obama said that despite the increasing threat of hackers he would continue to use emails in his retirement, but he advised Americans not to send anything in emails that they did not mind seeing published at some future time in newspapers.

Lawyer sues Chicago police, claims they used stingray on him

In the suit, Jerry Boyle, who describes himself as an “attorney and longtime volunteer legal observer with the National Lawyers’ Guild,” alleged that while attending the “Reclaim MLK Day” event in Chicago nearly two years ago, his phone was targeted by the Chicago Police Department’s device, better known as a stingray. Boyle argued that his Fourth Amendment and First Amendment rights were violated as a result.

Europe erects defenses to counter Russia’s information war

The issue of Russian “influence operations” has taken on new urgency after U.S. intelligence agencies released a non-classified assessment that President Vladimir Putin ordered a campaign to move the U.S. election in favor of Donald Trump. European nations and NATO are setting up centers to identify “fake news”, bolstering cyber defenses and tracking use of social media which target Russian-speaking communities, far-right groups, political parties, voters and decision-makers.

Reported “backdoor” in WhatsApp is in fact a feature, defenders say

Most would probably agree it’s not even a vulnerability. Rather, it’s a limitation in what cryptography can do in an app that caters to more than 1 billion users. At issue is the way WhatsApp behaves when an end user’s encryption key changes. By default, the app will use the new key to encrypt messages without ever informing the sender of the change. By enabling a security setting, users can configure WhatsApp to notify the sender that a recently transmitted message used a new key.
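To make the behaviour described above concrete, here is an added example, not WhatsApp’s code: a trust-on-first-use key store that encrypts to whatever key a contact currently presents. With the setting off (the default the article describes) a changed key is adopted silently; with it on, the change is recorded so the user can compare fingerprints with the contact out of band. The class and method names, the setting name and the fingerprint format are assumptions made for the illustration.

```python
"""
Added example (not WhatsApp's code): a trust-on-first-use (TOFU) key store
modelling the key-change behaviour described in the article. In both modes
the app keeps working with the new key; the setting only decides whether
the user is told that a key changed. Names and the fingerprint format are
assumptions for the example.
"""
import hashlib
from dataclasses import dataclass, field


def fingerprint(public_key: bytes) -> str:
    """Short human-comparable digest of a key, like the 'safety numbers'
    messaging apps show. Truncated SHA-256 hex is an assumption here."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class KeyStore:
    notify_on_key_change: bool = False          # default described: off
    known: dict = field(default_factory=dict)   # contact -> pinned public key
    events: list = field(default_factory=list)  # notices the UI would surface

    def key_for(self, contact: str, presented_key: bytes) -> bytes:
        """Return the key to encrypt to, applying the TOFU policy."""
        previous = self.known.get(contact)
        if previous is None:
            # First contact: nothing to compare against, trust on first use.
            self.known[contact] = presented_key
            return presented_key
        if previous == presented_key:
            return presented_key
        # Key changed (reinstall, new phone, or something worse). The app
        # adopts the new key either way; the setting decides whether the
        # sender hears about it.
        self.known[contact] = presented_key
        if self.notify_on_key_change:
            self.events.append(
                f"security code for {contact} changed: "
                f"{fingerprint(previous)} -> {fingerprint(presented_key)}"
            )
        return presented_key

    def verify_out_of_band(self, contact: str, fingerprint_read_aloud: str) -> bool:
        """The mitigation the notification enables: compare the pinned key's
        fingerprint with one obtained over a second channel (in person, a
        phone call). Returns True when they agree."""
        pinned = self.known.get(contact)
        return pinned is not None and fingerprint(pinned) == fingerprint_read_aloud


def demo():
    """Constructed scenario: a contact's key changes once in each mode."""
    silent = KeyStore()                         # default behaviour
    silent.key_for("alice", b"alice-key-v1")
    silent.key_for("alice", b"alice-key-v2")    # adopted, nobody told

    noisy = KeyStore(notify_on_key_change=True)
    noisy.key_for("alice", b"alice-key-v1")
    noisy.key_for("alice", b"alice-key-v2")     # adopted, and a notice is raised
    return len(silent.events), len(noisy.events)


if __name__ == "__main__":
    print("notices raised (default, with setting):", demo())
```

The notice is only useful if someone acts on it: `verify_out_of_band` is the check that turns a "security code changed" line into an actual decision, which is why the limitation is a property of key distribution rather than of the cipher.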

Meet Spora, a ransomware that infects users in good faith – Literally

This new ransomware has been named Spora, and researchers noted that it is quite a sophisticated piece of malware, with well-implemented encryption features, a very organized payment portal and numerous options for a ransom payment. Usually, ransomware offers just one package for a ransom payment, but Spora offers several packages: for instance, a victim can choose to recover only the encrypted data, or opt to recover the data and gain immunity from future ransomware attacks.

ShadowBrokers Bid Farewell, Close Doors

The group or individual responsible for multiple leaks of exploits and attack tools believed to belong to the NSA said today they have closed up shop and deleted all of their online accounts. “Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and [BS] political talk was being for marketing attention,” the ShadowBrokers’ message reads. “There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers.”

Student Faces 10 Years In Prison For Creating And Selling Limitless Keylogger

A 21-year-old former Langley High School student, who won a Programmer of the Year Award in high school, pleaded guilty on Friday to charges of developing and selling custom key-logging malware that infected thousands of victims. Zachary Shames from Virginia pleaded guilty in a federal district court and now faces a maximum penalty of up to 10 years in prison for his past deeds. Shames was arrested this summer while he was working as a technical intern at Northrop Grumman, a security and defense government contractor, developing front-end site code and backend Java software and managing a MySQL database, according to what appears on his LinkedIn page.

Facebook users hit with “You are in this video?” malware scam

This is an old-school, widely tried-and-tested strategy through which scammers lure innocent users into clicking dangerous links designed specifically to steal login credentials or infect the victim’s computer system with malware. Many users get trapped in this scam mainly because the message appears on the social network’s private messaging service, Facebook Messenger, and it is apparently sent by a friend. The reason another of your Facebook contacts sends you this malicious message is that his or her own account has already been compromised.

New POS Malware Attacks Are Becoming More Aggressive

The malware in question is known as FastPoS. It’s modular, meaning that its creator can quickly add or subtract components that change its behavior—while making it harder for traditional endpoint protection to spot. In this instance, the author has uploaded a module that logs the keystrokes of anyone using the infected PoS terminal, as well as a scraper that can detect credit card numbers in RAM. As soon as a number is detected, the malware immediately sends it out to its command and control servers—without even bothering to encrypt it.
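Sending card numbers out in the clear is the one part of that behaviour a network defender can see directly. The following is an added example, not code from the article or from the malware it describes: an egress check that scans outbound payload text from a PoS host for 13- to 19-digit runs that pass the Luhn check and reports them masked, the kind of rule a DLP filter or network sensor would alert on. The payload lines are constructed, and the test card numbers in them are the standard publicly documented test PANs, not real cards.

```python
"""
Added example (not from the article): detect cleartext payment card numbers
in outbound payloads from a point-of-sale host. A PAN leaving the network
unencrypted is exactly the signal the malware described above produces.
The sample payloads are constructed; the card numbers are public test PANs.
"""
import re
from typing import List

# Digit runs of 13-19 digits, allowing the space/hyphen separators card
# numbers are often written with. Lookarounds stop us matching inside a
# longer digit string.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample: three outbound payloads captured from a PoS host.
SAMPLE_PAYLOADS = [
    "POST /upload id=term7&data=4111111111111111|12/19",  # Luhn-valid test PAN
    "GET /healthcheck serial=1234567890123456",            # 16 digits, fails Luhn
    "POST /upload id=term7&data=5500 0000 0000 0004",      # spaced test PAN
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9
    from any result above 9, and require the total to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return Luhn-valid digit runs found in text, with separators stripped.
    The Luhn check is what separates a card number from a serial number or
    a timestamp of the same length."""
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep the first six and last four digits, as PCI DSS permits for display,
    so the alert itself does not become a second leak."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_egress(payloads) -> List[dict]:
    """Run the detector over each payload and return one alert per PAN found."""
    alerts = []
    for index, payload in enumerate(payloads):
        for pan in find_pans(payload):
            alerts.append({"payload": index, "pan": mask(pan)})
    return alerts


if __name__ == "__main__":
    for alert in scan_egress(SAMPLE_PAYLOADS):
        print(f"ALERT payload {alert['payload']}: cleartext PAN {alert['pan']}")
```

The health-check line shows why the Luhn step matters: it is sixteen digits long but not a card number, and a detector that only counts digits would page someone for it. In practice the same rule runs on decrypted proxy traffic or on a host agent watching the PoS process, and a hit from a terminal that should only ever talk to the payment processor over TLS is a high-confidence indicator.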