IT Security News Blast 10-27-2017

Class-actions still a reality for U.S. financial firms with bad press
The U.S. Senate killed a rule late on Tuesday that allowed consumers to band together to sue banks and credit card companies even when the small print of their contracts forced them into closed-door arbitration with their grievances. It was a huge win for banks, who feared a flood of costly lawsuits. But for financial firms already in the spotlight for poor treatment of customers, the bad publicity may make it difficult for them to avoid court.
http://www.businessinsider.com/r-update-1-class-actions-still-a-reality-for-us-financial-firms-with-bad-press-2017-10

Exchanges in talks with U.S. SEC to delay new audit system: sources
The U.S. exchanges are seeking to postpone implementation of a massive database, known as the Consolidated Audit Trail (CAT), due to concerns about fast approaching deadlines and worries about cyber security, said the sources, who asked for anonymity because the talks are private. The SEC, which ordered CAT after the May 2010 “flash crash” and views it as critical to the oversight of markets where trading happens in tiny fractions of a second, declined to comment.
https://www.reuters.com/article/us-sec-data-cat/exchanges-in-talks-with-u-s-sec-to-delay-new-audit-system-sources-idUSKBN1CV38W

AIG to include cyber coverage to commercial casualty insurance
The change is part of the insurance giant’s effort to shift from issuing policies that do not specify whether cyber losses are covered, said Tracie Grella, AIG’s Global Head of Cyber Risk Insurance, while on the sidelines of a cyber risk conference in New York on Thursday. AIG is in the process of reviewing all types of coverage it offers to gauge its exposure to cyber risk, Grella said.
https://www.reuters.com/article/us-aig-cyber/aig-to-include-cyber-coverage-to-commercial-casualty-insurance-idUSKBN1CV2XE

Health Care 20/20: Atlanta’s health care leaders reveal what keeps them up at night
No matter how much a health system expands and invests in technology, “if you don’t have the right people, you can fail in your mission,” Mullins said. “And this is a very competitive landscape when it comes to having the best nurses or the best doctors. I think that competition is good. I think it’s made all of our systems better for it.”
https://www.bizjournals.com/atlanta/news/2017/10/26/health-care-20-20-atlantas-health-care-leaders.html

PHI Security Could Be At Risk in Boston Scientific Medical Device
“The affected device uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media,” the advisory warned. “The affected device does not encrypt PHI at rest.” The vulnerabilities do require physical access, ICS-CERT added, and there are currently no known exploits of the vulnerabilities. An attacker with a low skill set could also potentially exploit the found vulnerabilities.
https://healthitsecurity.com/news/phi-security-could-be-at-risk-in-boston-scientific-medical-device

America Asleep at the Keyboard as Cyber Warfare Gets Real
“The FBI didn’t have a relationship with the DNC, so the agent called the main number and asked for the security guy,” Alperovitch told the Pop!Tech audience. “They didn’t have one. He was transferred to the help desk.” The person who picked up the phone was not even a DNC employee. He was a contractor. “He thought it was a prank call and literally hung up on the FBI agent,” said Alperovitch. Apparently thinking he had done his job, the FBI agent moved on.
https://freepressonline.com/Content/Home/Homepage-Rotator/Article/America-Asleep-at-the-Keyboard-as-Cyber-Warfare-Gets-Real/78/720/55476

Two Critical Vulnerabilities Found In Inmarsat’s SATCOM Systems
Researchers warn communication systems running the AmosConnect 8 platform are exposed to vulnerabilities that could give an attacker full administrative privileges and allow a remote attacker to access user credentials. […] The second bug (CVE-2017-3222) is tied to hard-coded credentials found in AmosConnect 8 that allow remote attackers to gain full administrative privileges and the ability to execute commands on targeted systems, according to the CVE record.
https://threatpost.com/two-critical-vulnerabilities-found-in-inmarsats-satcom-systems/128632/

Kaspersky May Have Found How Russian Hackers Stole NSA Data
The user in question later intentionally downloaded malware-laden piracy software, specifically a Microsoft Office key generator, and temporarily disabled the Kaspersky product on the machine as it would have prevented the installation of the tool. The malware, detected as Backdoor.Win32.Mokes.hvl, remained on the device for an unspecified period and it opened a backdoor on the system, giving hackers easy access to the computer.
http://www.securityweek.com/kaspersky-may-have-found-how-russian-hackers-stole-nsa-data

US Intelligence Community Fears Russia’s Growing Military Might
“The Russian military has built on the military doctrine, structure, and capabilities of the former Soviet Union, and although still dependent on many of the older Soviet platforms, the Russians have modernized their military strategy, doctrine, and tactics to include use of asymmetric weapons like cyber and indirect action such as was observed in Ukraine,” the DIA report states.
http://nationalinterest.org/blog/the-buzz/why-the-us-intelligence-community-fears-russias-growing-22914

NATO Chief Says Allies Concerned about Russian Phone Jamming
“My phone shut down for about four or five hours. The suspicion is that it was a Russian ship in the Baltic Sea, with the technology capable of blocking cellular signals,” Latvian lawmaker Ojars Kalnins said earlier this month. He said the jamming “focused on the Oeland islands in Sweden” but that “it did shut down all communications, including emergency phone service in Latvia. Our 911 service was shut down for several hours during this experimental attack.”
http://www.military.com/daily-news/2017/10/26/nato-chief-says-allies-concerned-russian-phone-jamming.html

Reddit conducts wide-ranging purge of offensive subreddits
Whereas Facebook tries to ensure that all content on the site is suitable for a general audience, Reddit willingly hosts content that is sexually explicit, violent, or disturbing in a variety of other ways. But even Reddit has its limits. On Wednesday, the site announced a new policy clarifying its rules against content that incites violence. “We will take action against any content that encourages, glorifies, incites, or calls for violence or physical harm against an individual or a group of people,” Reddit administrator landoflobsters wrote. Promoting harm to animals is also against the rules.
https://arstechnica.com/tech-policy/2017/10/reddit-conducts-wide-ranging-purge-of-offensive-subreddits/

New Documents Show Extent Of Domestic Surveillance Under Executive Order 12333
“These documents point to just how thoroughly the public has been kept in the dark about warrantless surveillance under Executive Order 12333,” said Sarah St. Vincent, a surveillance and national security researcher. “Their explanations of the order suggest that the government may be carrying out monitoring that poses serious problems for human rights, and Congress should seek more information about what the intelligence agencies are doing in this respect.”
https://www.mintpressnews.com/new-documents-show-extent-of-domestic-surveillance-under-executive-order-12333/233704/

Goodbye Uzi, Hello Big Brother: The Israelis Arming the World With Sophisticated Cyber-weapons
The use of electronic surveillance by intelligence and law enforcement agencies has flourished, and the Herzliya-based NSO Group has become a leading player in this industry. Its product, Pegasus, entices users to click on links that allow almost unlimited access to their cell phones. The intrusion is also very hard to detect. […] NSO is aware of the danger that Pegasus might fall into the wrong hands. To avoid this, it decided to sell the product only to government agencies.
https://www.haaretz.com/israel-news/1.819108

GDPR pushes cyber risk to business leaders’ top concern
The regulation places firms under a legal obligation to notify the Supervisory Authority within 72 hours of having become aware of the data breach and inform individuals if they’re adversely impacted. In cases of non-compliance firms could be hit with a maximum fine of up to 4% of the annual worldwide turnover of the preceding financial year.
https://www.reinsurancene.ws/gdpr-pushes-cyber-risk-business-leaders-top-concern/

Safeguarding Our Economy and Our Future
In this report, the Task Force focuses on how to leverage public-private partnerships, such as those established under the Cybersecurity Information Sharing Act (CISA) that focus on resiliency and risk management, to strengthen our nation’s cyber defense and foster the development of greater cybersecurity both within the government and outside of the regulatory bureaucracy.
https://newdemocratcoalition-himes.house.gov/sites/newdemocratcoalition.house.gov/files/documents/2.0FINAL%20-%20New%20Dem%20Cyber%20TF%20WP_10.26.2017.pdf

Days after activists sued, Georgia’s election server was wiped clean
A server and its backups, believed to be key to a pending federal lawsuit filed against Georgia election officials, were thoroughly deleted, according to e-mails recently released under a public records request. […] As the Associated Press reported Thursday, the data was initially destroyed on July 7 by the Center for Elections Systems at Kennesaw State University, the entity tasked with running the Peach State’s elections.
https://arstechnica.com/tech-policy/2017/10/days-after-activists-sued-georgias-election-server-was-wiped-clean/

EternalRomance Exploit Found in Bad Rabbit Ransomware
One day after clear ties were established between the Bad Rabbit ransomware attacks and this summer’s NotPetya outbreak, researchers at Cisco today strengthened that bond disclosing that the leaked NSA exploit EternalRomance was used to spread the malware on compromised networks. This contradicts earlier reports that neither EternalRomance nor EternalBlue were part of this week’s ransomware attack that was confined primarily to Russia and the Ukraine.
https://threatpost.com/eternalromance-exploit-found-in-bad-rabbit-ransomware/128645/

This malware turns itself into ransomware if you try to remove it
IT security researchers at SfyLabs have discovered an Android banking malware called LokiBot that converts itself into a fully fledged ransomware once the targeted victim tries to remove it from the infected device. The malware has been in the news since June this year, but since its developers keep coming up with additional features, it has become a quite nasty piece of malware stealing personal and financial information from tons of banking apps and other popular apps including Outlook, Skype and WhatsApp.
https://www.hackread.com/malware-turns-ransomware-try-remove-it/

‘Reaper’ IoT Botnet Likely a DDoS-for-Hire Tool
The IoT botnet IoTroop has amassed 10,000 to 20,000 devices and has another 2 million hosts that have been identified as potential botnet nodes, according to Arbor’s Security Engineering & Response Team (ASERT), which refers to the botnet as Reaper. […] Reaper contains a hint of code from the infamous IoT botnet Mirai and has the ability to launch SYN, ACK, and http floods, as well as DNS reflection/amplification attacks, according to the researchers.
https://www.darkreading.com/mobile/reaper-iot-botnet-likely-a-ddos-for-hire-tool/d/d-id/1330235

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.