IT Security News Blast 10-13-2017

Join Us For FUD Light, 10/19, Owl and Thistle

Join us this upcoming Thursday, 10/19, for FUD Light: a happy hour to discuss the world’s favorite light-hearted conversation topic — cybersecurity. Come to discuss information security topics that may drum up feelings of fear, uncertainty, and doubt. Or, have a beer on us to drown the FUD away! FUD Light — the Happy Hour you can always count on.

https://criticalinformatics.com/cybersecurity-happy-hour-october-19th/

Banks, Cryptocurrency Exchanges and Critical Infrastructure are Forecast to be the Most Likely Targets for Hacking in the Near Future – According to Group-IB Hi-Tech Crime Trends Report

  1. In the next year, the main point of losses for banks from cyber-attacks will be not theft of money, but destruction of their IT infrastructure during the final stages of a targeted hacking attack.
  2. Hackers will now successfully attack more industrial facilities as they have learnt how to work with the “logic” of critical infrastructure.
  3. Hackers are switching their focus from banks to the crypto industry (ICO, wallets, exchanges, funds), which have been accumulating increasingly large capitalisations and funds.

http://markets.businessinsider.com/news/stocks/Banks-Cryptocurrency-Exchanges-and-Critical-Infrastructure-are-Forecast-to-be-the-Most-Likely-Targets-for-Hacking-in-the-Near-Future-According-to-Group-IB-Hi-Tech-Crime-Trends-Report-1004025041

NY attorney-general probes Deloitte over cyber attack

The investigation comes one month after Eric Schneiderman launched a similar probe into a massive cyber security breach at US credit rating agency Equifax that threatened the personal details of up to 143m Americans. A spokesperson for Mr Schneiderman said he planned to examine Deloitte’s “data breach and its circumstances”. The probe was first reported by the Wall Street Journal.

https://www.ft.com/content/9ebb9228-af5c-11e7-beba-5521c713abf4

Maritime Cyber Security: No Substitute for Testing

No organization, be those international institutions, government agencies or small businesses can ever be 100 per cent cyberattack proof, as several examples have recently indicated. Therefore preparedness, in the form of testing cybersecurity structure via different tools for any potential attacks, is vital for minimizing cyber risks. This is as true for the maritime sector and any other, since the outcomes of such an attack may vary from loss of revenue to environmental disaster and loss of life.

https://www.chathamhouse.org/expert/comment/maritime-cyber-security-no-substitute-testing

Smart cities are making the places we live more vulnerable to attacks

“While smart city technologies no doubt bring benefits, the rush to embrace them carries considerable risk,” said the EIU in its “Safe Cities Index” report. “If investments in digital technologies are not accompanied by commensurate investments in cyber security, the consequences could be dire. An entire city could be left in chaos if hackers were to shut down the power supply; a prospect city officials now need to plan against.”

https://qz.com/1099922/ranked-the-safest-cities-to-live-in-the-world-by-the-eiu-with-smart-cities-and-digital-focus/

Come fly the hackable skies

Many security experts are in agreement that the transportation sector in general and aviation industry in particular, are woefully unprepared for the new threats brought by the new world of connectivity and the Internet of Things. Airlines and airports must construct well-defined information security strategies to help safeguard airline customer information, protect the airline’s digital assets, and enable the accuracy of information exchanged within the aviation framework.

http://www.securityinfowatch.com/article/12374168/come-fly-the-hackable-skies

FDA pilot program sparks questions about healthcare IoT security risks

The FDA announced in July 2017 that it would fast track the regulatory approval process for digital healthcare devices by evaluating the companies behind the solutions instead of the actual solutions. Under the proposal, pre-certified companies will not need to provide the same level of pre-market data for each new digital health product, with some “low-risk” tools not needing any pre-market data at all. Among the companies that are initially pre-qualified under the proposed fast track program are Apple, Fitbit, and Samsung.

http://www.techrepublic.com/article/fda-pilot-program-sparks-questions-about-healthcare-iot-security-risks/

F-35 stealth fighter data stolen in Australia defence hack

Sensitive data about Australia’s F-35 stealth fighter and P-8 surveillance aircraft programmes were stolen when a defence subcontractor was hacked using a tool widely used by Chinese cyber criminals, officials said today. The 50-person aerospace engineering firm was compromised in July last year but the national cyber security agency, the Australian Signals Directorate (ASD), only became aware of the breach in November, technology website ZDNet Australia reported.

http://www.financialexpress.com/world-news/f-35-stealth-fighter-data-stolen-in-australia-defence-hack/891245/

Massive ‘Alf’ military data breach prompts demands to reveal state hackers

Australia should “name and shame” countries behind state-sponsored hacking to build up international pressure against the practice, a cyber-security expert has said in the wake of the major breach of a defence subcontractor. And the Turnbull government may soon start doing exactly that, Australia’s cyber affairs ambassador Toby Feakin has told Fairfax Media, citing greater political awareness and technical clarity over how cyber attacks originated.

http://www.smh.com.au/federal-politics/political-news/massive-alf-military-data-breach-prompts-demands-to-reveal-state-hackers-20171012-gyzrsq.html

Kaspersky in focus as US-Russia cyber-tensions rise

“Given that the Russians have so far got away with no real consequences for the biggest, most impactful operation, the hacks and influence campaign targeting the 2016 US election, I’d say they are doing pretty well.” But Gabriel Weimann, a professor at Israel’s University of Haifa and author who has written on cybersecurity, said it may be premature to declare Russia the winner. “We don’t really know the achievements of NSA in monitoring the web, this kind of information is secret,” Weimann said. “This is a cat-and-mouse game.

http://www.financialexpress.com/industry/kaspersky-in-focus-as-us-russia-cyber-tensions-rise/891561/

North Korea HACK: How Pyongyang targeted US with phishing emails in cyber attack on Seoul

Secret intelligence documents and photos collected by the US military were among what was stolen from South Korea’s classified information by Pyongyang hackers in September 2016. The hackers asked their victims to take part in a fundraiser in an email, according to a report by the internet security firm FireEye that was obtained by NBC News. The targets who downloaded the attached invitation would then invite malware onto their computer network, according to the report.

http://www.express.co.uk/news/world/865639/North-Korea-latest-news-cyber-attack-South-Korea-Seoul-FireEye-Kim-Jong-un

Russian hackers ‘used Pokemon Go as part of attempts to meddle in US election’

Under the banner of Don’t Shoot Us, a collective that seemed to share the aims of Black Lives Matter but which is now believed to be run by Russians, the game was created to inspire online participants. Users could visit sites where police brutality had been recorded, and were encouraged to give their Pokemon characters names of real-life victims, such as Eric Garner, who died on Staten Island. The winner of the Pokemon contest would receive an Amazon gift card, the Don’t Shoot Us site said.

http://www.telegraph.co.uk/news/2017/10/12/russian-hackers-used-pokemon-go-part-attempts-meddle-us-election/

What’s trending in the Mac malware landscape?

Malware and online threats for Macs are expected to evolve faster than ever, and new, novel malware distribution methods like social engineering-based campaigns, phishing emails, and possibly dangerous applications in the Apple store continue to emerge. Potentially unwanted programs that are aggressively promoted via advertising campaigns on websites the world over will extensively target Mac users.

https://www.macworld.com/article/3232351/macs/what-s-trending-it-the-mac-malware-landscape.html

Man acquitted of felony charge over Facebook police parody page sues

Anthony Novak alleges federal civil rights violations in the aftermath of his 2016 arrest by the police department of Parma, just south of Cleveland. The agency issued an advisory last year to citizens saying the page wasn’t real and that “the public should disregard any and all information posted on the fake Facebook account.” Novak was acquitted by a jury of the felony charge of disrupting a public service.

https://arstechnica.com/tech-policy/2017/10/man-acquitted-of-felony-charge-over-facebook-police-parody-page-sues/

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

When Outlook users make use of S/MIME to encrypt their messages and format their emails as plain text, the vulnerability allows the seemingly encrypted emails to be sent in both encrypted as well as human-readable clear text forms, the researchers explain. […] “To trigger the vulnerability, no active involvement by an attacker is required. An attacker might remain completely passive,” the advisory reads. “The impact is that a supposedly S/MIME encrypted mail can be read without the private keys of the recipient. This results in total loss of security properties provided by S/MIME encryption.”

https://thehackernews.com/2017/10/outlook-email-encryption.html
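A mail-gateway check for the failure mode described above, added here as an example and not code from the article or the advisory: it flags a message that carries an S/MIME enveloped-data part alongside a text/plain sibling, on the assumption (not stated on the page) that the clear copy travels as a separate MIME part of the same message. The sample messages are constructed.

```python
import email
from email import policy


def find_smime_plaintext_leak(raw_message: bytes) -> list:
    """Return the text/plain bodies found beside an S/MIME enveloped-data part.

    A properly encrypted S/MIME message carries only the application/pkcs7-mime
    part; any text/plain sibling is a candidate clear copy of the content.
    Returns [] when the message has no enveloped-data part at all.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    encrypted_parts = 0
    plain_bodies = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pkcs7-mime":
            smime_type = (part.get_param("smime-type") or "").lower()
            if smime_type == "enveloped-data":
                encrypted_parts += 1
        elif ctype == "text/plain":
            plain_bodies.append(part.get_content().strip())
    return plain_bodies if encrypted_parts else []


# Constructed sample (not a real capture): enveloped part plus a clear sibling.
SAMPLE_LEAKY = b"""From: alice@example.test
To: bob@example.test
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

The numbers are attached, please keep them confidential.
--b1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIBAQ==
--b1--
"""

# Constructed sample of the expected shape: only the enveloped-data part.
SAMPLE_CLEAN = b"""From: alice@example.test
To: bob@example.test
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIBAQ==
"""

if __name__ == "__main__":
    print(find_smime_plaintext_leak(SAMPLE_LEAKY))   # one leaked body
    print(find_smime_plaintext_leak(SAMPLE_CLEAN))   # []
```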

On ethics and technology – we all know we have to do better, right?

And then there are the ongoing debates – in government and in business – around data protection and privacy; nation state cyber security attacks; artificial intelligence and its potential impact on jobs; the lack of diversity in the tech workforce (and the sexism all-too often associated with it); the list goes on. There’s no doubt that awareness of the risks and downsides of technology is becoming more widespread.

http://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/On-ethics-and-technology-we-all-know-we-have-to-do-better-right

Equifax Takes Down Compromised Page Redirecting to Adware Download

“Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal. The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”

https://threatpost.com/equifax-takes-down-compromised-page-redirecting-to-adware-download/128406/

Equifax rival TransUnion also sends site visitors to malicious pages

On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins. The attack chain remained active at the time this post was going live. Segura published this blog post shortly after this article went live on Ars. […] The common thread tying the affected Equifax and TransUnion pages is that both hosted fireclick.js, a JavaScript file that appears to invoke the service serving the malicious content.

https://arstechnica.com/information-technology/2017/10/equifax-rival-transunion-also-sends-site-visitors-to-malicious-pages/

MS Office Built-in Feature Allows Malware Execution Without Macros Enabled

This macro-less code execution technique in MS Word, described in detail on Monday by a pair of security researchers from Sensepost, Etienne Stalmans and Saif El-Sherei, leverages a built-in feature of MS Office, called Dynamic Data Exchange (DDE), to perform code execution. The Dynamic Data Exchange (DDE) protocol is one of several methods Microsoft provides for two running applications to share data. The protocol can be used by applications for one-time data transfers and for continuous exchanges in which apps send updates to one another as new data becomes available.

https://thehackernews.com/2017/10/ms-office-dde-malware.html
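A document-scanning check for the technique described above, added here as an example and not code from the researchers' write-up: it opens a .docx, joins each Word field's code (which is often split across several runs) and reports fields of the DDE or DDEAUTO type, which is what a mail gateway or sandbox would flag before a user opens the file. The sample documents are constructed in memory with placeholder application and topic names.

```python
import io
import re
import zipfile

# Word keeps field codes in word/document.xml as <w:instrText> runs between
# fldChar begin/end markers (or inline in <w:fldSimple w:instr="...">); one
# field's code is often split across several runs, so runs are joined first.
FIELD_RE = re.compile(
    r'<w:fldChar[^>]*w:fldCharType="begin"[^>]*/>(.*?)'
    r'<w:fldChar[^>]*w:fldCharType="end"[^>]*/>', re.S)
INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
SIMPLE_RE = re.compile(r'<w:fldSimple[^>]*w:instr="([^"]*)"')
DDE_RE = re.compile(r"^\s*DDE(?:AUTO)?\b", re.I)   # DDE and DDEAUTO field types


def dde_fields(docx_bytes: bytes) -> list:
    """Return every field code in a .docx that would start a DDE conversation."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        xml = z.read("word/document.xml").decode("utf-8", "replace")
    codes = ["".join(INSTR_RE.findall(f)) for f in FIELD_RE.findall(xml)]
    codes += SIMPLE_RE.findall(xml)
    return [c.strip() for c in codes if DDE_RE.search(c)]


def build_sample_docx(field_code: str) -> bytes:
    """Constructed minimal .docx (test input, not a real document) holding one
    complex field whose code is split across two runs, as Word often does."""
    cut = len(field_code) // 2
    body = (
        '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
        f'<w:r><w:instrText xml:space="preserve">{field_code[:cut]}</w:instrText></w:r>'
        f'<w:r><w:instrText xml:space="preserve">{field_code[cut:]}</w:instrText></w:r>'
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        '<w:r><w:t>field result</w:t></w:r>'
        '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
    )
    xml = f'<?xml version="1.0"?><w:document><w:body>{body}</w:body></w:document>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    suspicious = build_sample_docx(' DDEAUTO "placeholder-app" "placeholder-topic" ')
    benign = build_sample_docx(' DATE \\@ "yyyy-MM-dd" ')
    print(dde_fields(suspicious))   # the DDEAUTO field code
    print(dde_fields(benign))       # []
```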

Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns

“The behavior is the same, but the extensions used to encrypt the files and the malware binaries are constantly changing,” said Karl Sigler, threat intelligence manager for SpiderLabs at Trustwave. With Ykcol, encrypted files use the extension .ykcol. Sigler said Locky authors also “tweak” the malware’s binaries, only slightly changing code such as variable names or internal logic.

https://threatpost.com/locky-gets-updated-to-ykcol-part-of-rapid-fire-spam-campaigns/128412/

Mr. Robot’s new season has more of the same—epic hacks, creativity amid chaos

Don’t worry. The hacking ambition and technical detail that attracts such a devoted Internet following returns as well. We see Elliot stumble upon a Def Con CTF (capture the flag) competition still taking place between global collectives despite the city being without power for a week (“A CTF tournament, hacker Olympics,” Elliot thinks. “The entire city is suffering an energy crisis while they’re here exercising their inner-anarchy”). And even in this first episode, Mr. Robot rewards those who have followed security news in the past year—I can’t think of another car chase that ends like that in recent memory.

https://arstechnica.com/gaming/2017/10/mr-robots-new-season-has-more-of-the-same-mostly-for-good-despite-chaos/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.