IT Security News Blast 1-18-2017

Why healthcare is a vulnerable sector for cyber attack – and what can be done about it

Stored data within many institutions includes individuals’ blood type, medications, treatments, lab test results as well as financial data including bank details, credit card and insurance information – which can be regarded as a treasure trove for criminals. On the black market, according to data analyst Aberdeen Group, this data can fetch around £400 per record. This represents five hundred times more than a credit card number itself.

SIEMs sometimes suck

There are many issues people take up with SIEMs, but one of the biggest problems with SIEMs is that to be useful they are dependent on the data they are being sent and variables related to that data such as volume, velocity and variety. Common questions related to SIEMs are:

Is my SIEM getting enough useful data?

Is my data coming at a timely cadence?

Is my data formatted correctly so it can be processed?

Are my timestamps accurate?

Are my sources generating accurate logs, alerts?

Machine Learning For Cybersecurity Not Cybercrime

Because targeted and advanced threats that seek to prey on organizations and businesses often evade traditional security mechanisms, machine learning algorithms have stepped in to fill in the gap between proactivity and detection. […] The human component, however, is responsible for the accuracy of the machine learning model and for supplying its “wits.” Cybersecurity specialists with years of experience in reverse engineering malware samples and analyzing attack techniques are the ones who usually transfer their experience to machine learning algorithms, training the algorithms for behavior analytics and anomaly detection.

When real-time threat detection is essential

On average, dwell times last months and give cyber criminals all the time they need to peruse a network and extract valuable information that can impact a company, its customers and its employees. There are times when an organization will be especially vulnerable if it doesn’t have real-time detection capabilities, and in preparation for these events it’s a good idea to reevaluate tools and strategies. Mike Paquette, director of products, security market at Elastic, identifies some of the most common events that can leave an organization vulnerable, and offers advice on successfully navigating them.

The war for cybersecurity talent hits the Hill

Several experts have estimated the workforce shortage of cybersecurity workers in the U.S. — across multiple job titles — currently at 300,000 or more. The most recently available analysis, from the U.S. Bureau of Labor Statistics, said the shortage of such workers in 2015 reached 209,000. Globally, the shortfall of cybersecurity professionals is expected to reach 1.5 million by 2020, according to data published by the National Institute of Standards and Technology.

Obama commutes Chelsea Manning’s sentence

Manning, who was convicted under the 1917 Espionage Act, has spent seven years of a 35-year sentence behind bars for transmitting classified diplomatic cables to WikiLeaks. Supporters have called her sentence one of the harshest ever for similar leaks. Just last Friday, Dinah PoKempner, general counsel at Human Rights Watch, wrote in a blog post that Manning’s prison term was “grossly disproportionate” and said action by Obama would be “appropriate since she was unable under the law to argue that any of her leaks were justified in the public interest, nor did the government have to show that a specific harm resulted from her leaks.”

A full board issue: How should CMOs get a grip on information security?

The move towards a more mobilised workforce and greater collaboration with external partners has hugely extended the ‘data perimeter’ for the enterprise. When the majority of employees were constrained to accessing company information from the office and data was saved on shared drives located in the enterprise, IT could establish the firewall as a secure perimeter. As businesses have shifted to the cloud, the boundary safeguarding sensitive data has shifted considerably. Today, the data perimeter must reside within individual documents instead of the wider business.

New Gmail Phishing Attack Fooling Tech-Savvy Users

The phishers start by compromising a Gmail account, then they rifle through the emails the user has recently received. After finding one with an attachment, they create an image (screenshot) of it and include it in a reply to the sender. They use the same or similar subject line for the email, to invoke recognition and automatic trust. “You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again,” WordFence CEO Mark Maunder warns.

Cyber Crime: More IT Scams Aimed at Millennials

In findings from a recently released Norton Security report, Millennials are now the leading victim group for cybercrime, surpassing even the elderly. Surprised? Don’t be—it happens to a lot of people. […] The new Norton Security report highlights the following facts:

People are aware of the need for cyber security, but choose to overlook the risk

Many people do not recognize spoof and real email

WiFi hotspots are a real problem if you do not use a VPN

Consumers do not consider cyber connections as part of their overall home security

Anonymous warn Trump: ‘You will regret the next 4 years’

In a series of tweets sent from @YourAnonCentral, a Twitter account associated with the group, to the president-elect, Anonymous said: “This isn’t the 80’s any longer, information doesn’t vanish, it is all out there. You are going to regret the next 4 years.” The group also claimed he has “financial and personal ties with Russian mobsters, child traffickers, and money launderers.”

Inquirer Editorial: Cyber security too important to give Giuliani the job

Americans use the internet for everything from personal finances to sharing family photos. Businesses and governments at every level have sensitive information rambling around in cyberspace where it could compromise national security or cause financial ruin. Given that reality, it’s hard to agree with Trump’s pick of former New York Mayor Rudy Giuliani as his cyber security advisor. […] Giuliani mouthed the right words when he agreed that the nation is vulnerable to internet attacks, but his own company’s vulnerabilities show he doesn’t know what to do about it. Trump should find someone who understands cyber security instead of rewarding a campaign supporter who isn’t capable of doing this job.

French government prepares for cyber-meddling in spring elections

The director of the French National Agency for the Security of Information Systems, Guillaume Poupard, recently told news agency FRANCE 24 that he’s expecting it: “We’re clearly not up against people who are throwing punches just to see what happens. There’s a real strategy that includes cyber, interference and leaked information.” The elections will be held in April and May 2017, seeing a number of candidates battle it out for the presidency. Marine Le Pen, avowed admirer of Russian president Vladimir Putin and leader of the far right party National Front, is expected to do well.

McDonald’s Website Is Insecure

McDonald’s website is insecure and could lead to passwords being stolen, according to Dutch software engineer Tijme Gommers. The attack, reported on Gommers’ blog, is possible thanks to an Angular expression injection vuln present in and could be used to steal and ship logins to attackers along with account information should users follow links.

Uber Flaw Allows Free Rides

The Uber mobile application uses the IMEI (International Mobile Equipment Identity) to identify each device registered on the service. However, it appears that it can easily be changed or spoofed by device owners. When a hacker poses as a new user with a newly acquired device, the company grants them new credit. The anonymous user has stated that for this operation to be carried out, the following tools are needed:

A Rooted Device – All used devices need to be rooted to run the designated tools.

Xposed Framework – This is a framework for modules that allow system and application changes without any APK modification.

CardGen – Used to generate payment card details.

IMEI Changer – Used to change the IMEI number of the exposed device.

DHS move on election security unlikely to survive transition

The controversial decision by the Department of Homeland Security to designate the nation’s election system as “critical infrastructure” has touched off a firestorm of opposition, and the incoming Trump administration has all but promised to overturn it. […] “There is virtually no support from any quarter,” David Dove, chief of staff to Georgia Secretary of State Brian Kemp, told CyberScoop. “We will seek repeal of it from the incoming Trump administration,” he added. They will find a receptive audience, said Republican former senior DHS official James Norton.

Why Canadian Energy Firms Are at a Bigger Risk From Cyber Attacks

“You should expect your networks to be hit if you are involved in any significant financial interactions with certain foreign states,” the official said in the document, obtained by Reuters under access-to-information laws. The hackers would want information on anything from valuations to tax records and client names, the official said in the document. The official said the agency had collected evidence of such espionage in the past.

Andrew Macpherson on Intelligence Gathering with Maltego [Podcast]

Ryan Naraine talks with Andrew Macpherson, Operations Manager at Paterva, who outlines the details of the “Digital Intelligence Gathering using Maltego” course being offered at the SAS 2017 and talks about the benefits for data mining by pen testers, malware analysts and law enforcement agencies.

Trump Twitter fancy raises security concerns

“Trump’s personal Twitter account could be a goldmine for hackers looking to engage in cyber espionage. Hackers could cause major international upsets and scandals by simply posting disinformation,” Adam Levin, Chairman and Founder of CyberScout and author of “Swiped,” said in comments sent to SC Media. “High profile figures and government agencies are walking targets for hackers, as we have seen with the hacks of the social media accounts of Mark Zuckerberg, Sony, Netflix and Centcom.”

Terrorists are winning the digital arms race, experts say

Twitter removed about 250,000 accounts connected with ISIS in one year, but the terrorist group uses 90 other social media platforms, Rob Wainwright, the director of Europol, said Tuesday. Terrorist groups have begun to live stream their attacks, and they are using the internet to launch “innovative crowdfunding” campaigns, he said at the World Economic Forum in Davos-Klosters, Switzerland. “The technology is advanced,” Wainwright added. “They know what to do, and they know how to use it.”