IT Security News Blast 10-11-2017

Western Washington University is building a cyber range, to be accessible to students statewide. If you are currently CISO of a private sector company and interested in serving on a lightweight advisory council to better help direct outcomes for the employee base you need, we need you. Contact Mike Hamilton.

2017 – The Year of Cyber-security Disasters
It wouldn’t be wrong to call 2017 the year of cyber-security disasters. Hacks, breaches, and ransomware have been a common occurrence. These cyber-security disasters were brought upon us by rogue groups, some of them against the common public, others against state agencies. Some have even been linked with the state against big enterprises and even the common man!
https://factschronicle.com/2017-year-cyber-security-disasters-5068.html

New Malware Hits ATMs Running on Win7 and Win Vista
The IT security researchers at Kaspersky Lab have discovered a new malware strain called ATMii because it attacks ATMs that run on Windows 7 and Windows Vista. This means the malware is ineffective on a majority of ATMs since most of them nowadays use Windows XP. It also hints at the fact that the operator of ATMii is intentionally attacking the ATMs of a certain network and the malware strain has been designed to steal from those machines only.
https://www.hackread.com/malware-hits-atms-running-on-win7-win-vista/

Criminals stole millions from E. Europe banks with ATM “overdraft” hack
The very limited use of actual malware and use of the banks’ own networks to access the card management systems made the attack difficult to detect, as did the use of Windows and PowerShell commands to move within the network. There was little if any data exfiltrated from the banks themselves, as the attackers “adopted the emerging tactic sometimes called ‘living off the land’,” the investigators reported.
https://arstechnica.com/information-technology/2017/10/wave-of-cyber-bank-heists-in-former-soviet-states-netted-40m-in-real-cash/

Money pit to money maker: Making privacy and security a competitive advantage
At analyst Forrester’s recent Privacy and Security Europe event speakers highlighted how successful organisations prioritise data privacy and use it to establish competitive advantage through information security. […] “In the digital age, senior executives are beginning to recognise that trust is a strategic differentiator,” says Tuteja.
http://www.zdnet.com/article/money-pit-to-money-maker-making-privacy-and-security-a-competitive-advantage/

And Now, in Recent New York Cybersecurity Action…
If a consumer credit reporting agency violates any insurance, financial services or banking laws, DFS regulations (or those of other states), provides materially incorrect information or commits similar nefarious acts, the agency’s registration may be revoked or suspended. Finally, the proposed regulations deem consumer credit reporting agencies “Covered Entities” and expressly subject to the DFS cybersecurity regulations.
https://www.lexology.com/library/detail.aspx?g=e7c91c43-03f5-4287-9e31-2b114b60973b

Education, Information Sharing Key in Healthcare Cybersecurity
Furthermore, organizations need to establish an ongoing education program for all employees about cybersecurity and cybersecurity threats. Good security practices must be enforced, she stressed. “Address myths. There are many myths about cybersecurity, for instance, that appropriate security controls decrease productivity,” Meadows said. “Use your C-suite and physician champions and educational sessions to debunk those myths.”
https://healthitsecurity.com/news/education-information-sharing-key-in-healthcare-cybersecurity

3 Ways Healthcare Organizations Can Build Better Cyberdefenses
1. Regular Penetration Tests Keep Cyberdefenses Strong
2. Cybersecurity Leadership Is a Top Priority
3. Give Medical Devices a Second Look for Security
https://healthtechmagazine.net/article/2017/10/3-ways-healthcare-organizations-can-build-better-cyberdefenses

Measure to shield health care data from cyberattacks
Reps. Dave Trott (R-MI) and Susan Brooks (R-IN) introduced last week a bill designed to establish the framework to protect healthcare information from cyber-attacks. The pair of lawmakers said the Internet of Medical Things Resilience Partnership Act would create a public-private stakeholder partnership that collects and centralizes all existing, relevant cybersecurity standards, guidelines, and best practices while identifying high-priority problems and actionable solutions.
https://lifesciencedaily.com/stories/23127-measure-shield-health-care-data-cyberattacks/

Keyboard Warriors: The Online Frontline
Poland’s Defence Minister announced today that he would be investing in 1,000 cyber troops. Speaking earlier at the Cybersec-2017 forum in Krakow, he said the need for a Polish cyber army was due to Russian threats. An enormous £417 billion pounds, (2 billion zlotys) is being poured into the project, and it seems Poland isn’t the only one investing in these keyboard warriors.
http://www.forces.net/news/keyboard-warriors-online-frontline

North Korea hacked war blueprint, says Seoul lawmaker
A trove of classified military documents, including the joint South Korea-US wartime operational plans for conflict with Pyongyang, was stolen by North Korean hackers, a lawmaker in Seoul said. […] The plans reportedly includes detailed procedures for a decapitation strike against the North Korean regime, a proposal that has infuriated Kim Jong Un, the country’s supreme leader.
https://www.ft.com/content/d8bbceb0-ad64-11e7-aab9-abaa44b1e130

Trump’s DOJ tries to rebrand weakened encryption as “responsible encryption”
“Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety,” Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy today (transcript). “Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries.”
https://arstechnica.com/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/

Press at risk as EU-based companies export surveillance software to hostile regimes
The review did not specify details about the countries or licenses exported, but news outlets and human rights groups have separately reported that surveillance software from EU-based companies was exported to countries under EU sanctions–including Syria, Iran, and Yemen. The sanctions prohibit the export of tools that can be used for “internal repression.”
https://cpj.org/blog/2017/10/press-at-risk-as-eu-based-companies-export-surveil.php

Exclusive: Symantec CEO says source code reviews pose unacceptable risk
U.S.-based cyber firm Symantec (SYMC.O) is no longer allowing governments to review the source code of its software because of fears the agreements would compromise the security of its products, Symantec Chief Executive Greg Clark said in an interview with Reuters.  Tech companies have been under increasing pressure to allow the Russian government to examine source code, the closely guarded inner workings of software, in exchange for approvals to sell products in Russia.
http://www.reuters.com/article/us-usa-cyber-russia-symantec/exclusive-symantec-ceo-says-source-code-reviews-pose-unacceptable-risk-idUSKBN1CF2SB

Commit a crime? Your Fitbit, key fob or pacemaker could snitch on you.
An important bit of evidence came from an unlikely source: the Fitbit tracking Connie’s movements. Others from the home’s smart alarm systems, Facebook, cellphones, email and a key fob allowed police to re-create a nearly minute-by-minute account of the morning that they said revealed Richard’s story was an elaborately staged fiction. Undone by his data, Richard was charged with his wife’s murder. He has pleaded not guilty.
https://www.washingtonpost.com/local/public-safety/commit-a-crime-your-fitbit-key-fob-or-pacemaker-could-snitch-on-you/2017/10/09/f35a4f30-8f50-11e7-8df5-c2e5cf46c1e2_story.html

Beware of sketchy iOS popups that want your Apple ID
In a blog post published Tuesday, he showed side-by-side comparisons, pictured above, of an official popup produced by iOS and a proof-of-concept phishing popup. The lookalike popups require less than 30 lines of code and could be sneaked into an otherwise legitimate app that has already found its way into Apple’s App Store.
https://arstechnica.com/information-technology/2017/10/beware-of-sketchy-ios-popups-that-want-your-apple-id/

Cybersecurity and data privacy major issues worldwide, new book finds
“Staying Ahead of the Curve: Cybersecurity and Data Privacy- Hot Topics for Global Businesses” responds to industry cybersecurity concerns, and specifically highlights that cybersecurity and data protection challenges are continuing to grow in importance for global businesses, are evolving and raising new complexities, and are becoming massive global problems.
https://insidecybersecurity.com/daily-briefs/cybersecurity-and-data-privacy-major-issues-worldwide-new-book-finds

Microsoft Patches Critical Windows DNS Client Vulnerabilities
Windows admins are advised to patch immediately; the bug affects Windows 8 and Windows 10 clients, and Windows Server 2012 and 2016. Bishop Fox said it is not aware of any public attacks using this vulnerability. […] The bug, CVE-2017-11779, traces back to the introduction of DNSSEC in the Microsoft operating system starting with Windows 8 via the DNSAPI.dll library.
https://threatpost.com/microsoft-patches-critical-windows-dns-client-vulnerabilities/128344/

Massive Trove of Sensitive ‘Accenture’ Data Exposed Online
The data was left exposed on four Amazon Web Services S3 storage buckets allowing anyone to access and download it by merely entering the buckets’ web addresses on their web browser. Upon analysis, Vickery found that buckets contained internal Accenture data including APIs, cloud platform credentials, configurations, certificates, authentication credentials, decryption keys, customer information and other sensitive data that would be helpful enough to attack and damage Accenture and its customers.
https://www.hackread.com/massive-trove-of-sensitive-accenture-data-exposed-online/

Shadow cloud apps pose unseen risks
The bad news is that these unauthorized cloud apps and services become part of the organization’s shadow IT, bypassing its IT, compliance, and procurement departments. The app may violate industry regulations or expose the company to significant security risks. Because it’s so entrenched, however, it’s too hard to get users to stop using it.
https://www.csoonline.com/article/3228828/cloud-security/shadow-cloud-apps-pose-unseen-risks.html

WannaCry spotted for just $50 on underground Arabic forum
“Unlike marketplaces in Russia and North America, for instance, where its players aim to make a profit, the Middle East and North Africa’s underground scene is an ironic juncture where culture, ideology, and cybercrime meet,” the post said. The same comradery reportedly holds true for other malware sold in the forums including remote access Trojans (RAT), keyloggers, SQL injections, and spam distribution tools as well as for collaboration efforts for DDoS attacks and other website defacements.
https://www.scmagazine.com/wannacry-on-sale-for-50-days-after-major-outbreak/article/699303/

 

 ====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.