IT Security News Blast 11-06-2017

Network Traffic

[VIDEO] NewsJacker! Episode 11-3-17
In our latest NewsJacker episode, I share my opinions on the simple stuff that the UK’s NHS missed that could have prevented the WannaCry hack, third-party compliance with the OCC’s new regs, and a discussion of the latest IoT threat for consumers—the Reaper/IoTroop.


Can Engineers Build Networks Too Complicated for Humans to Operate? Part II: Making Sense of Network Activities and System Behaviors
As a follow-up to Part 1 in this series with F5 Labs, Critical Informatics’ very own CTO Mike Simon delves into techniques for acquiring, analyzing, and managing the Hydra-headed firehose of data aimed at the IT security folks in charge of interpreting network activities and system behaviors.


Crooks poison results for financial-related searches to deliver banking malware
“By targeting primarily financial-related keyword searches and ensuring that their malicious results are displayed, the attacker can attempt to maximize the conversion rate of their infections as they can be confident that infected users will be regularly using various financial platforms and thus will enable the attacker to quickly obtain credentials, banking and credit card information, etc,” Cisco Talos researchers noted.


Equifax clears executives who sold shares after hack
Equifax Inc said on Friday four of its executives who sold shares before the credit-reporting firm disclosed a massive data breach that wiped out billions from its market value were not aware of the incident when they made the trades. A special committee set up by Equifax’s board to investigate the trades concluded that no insider trading took place and that pre-clearance for the trades was appropriately obtained.


Hackers Exploit Weak Remote Desktop Protocol Credentials
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. […] Attackers now often use botnets to automatically search out internet-connected devices with exposed RDP ports and then hammer them with brute-force username and password guesses until their attack tools find a match, he says. Many RDP credential harvesters will then sell this access to others.


Small businesses at increasing risk of cyber threats
In an auditorium at the Inn at Virginia Tech last month, small-business owners, professionals and technology experts shared horror stories. They weren’t tales of irate customers, unreliable vendors or poor employees, but of unseen villains that wreaked far more havoc on their businesses: cyber security threats.


Prioritizing Data Security Strategies for Health IT Infrastructure
Data security issues often arise with HIT infrastructure as organizations begin to make the upgrade from legacy systems, which may include an older operating system that is no longer supported or medical devices that were not originally designed to be connected to the internet. […] How do HIPAA rules apply to health IT infrastructure components, and how can organizations embrace new technologies while maintaining a high level of data security?


Trump signs Cyber Crime Fighting Act to train up local and state law enforcement
Introduced by Rep. John Ratcliffe, R-Texas, the legislation authorizes the highly regarded National Computer Forensics Institute (NCFI) in Hoover, Ala., which has trained nearly 7,000 local officials from 50 states and three U.S. territories. Shortly after Ratcliffe introduced his bill in March, Sens. Dianne Feinstein, D-Calif., and Chuck Grassley, R-Iowa, introduced a similar bill in the Senate to expand the NCFI’s charter to include training local law enforcement in cybersecurity practices.


Senator wants tech giants to help US retaliate against Russia
The fact that the tech giants sent their attorneys and not their CEOs to speak at the hearings didn’t sit well with Senate Majority Leader Mitch McConnell. Of course, he was egged on during an interview with Hugh Hewitt that aired Saturday on MSNBC. […] “They ought to be more interested in cooperating when you have a clear law enforcement issue, more interested in cooperating with law enforcement than they have been[.]” “What we ought to do with regard to the Russians is retaliate, seriously retaliate,” McConnell added. “These tech firms could be helpful in having us, giving us a way to do that.”


Official Urges Boost to Iran’s Cyber Defense Power
Addressing a conference in Tehran, Head of Iran’s Civil Defense Organization Brigadier General Gholam Reza Jalali said future wars would entail a military cyberspace, pointing to the US move to establish a cyber command. Highlighting the rapid changes in cyberspace and intelligent structures, the general stressed the need for up-to-date technologies for the Armed Forces, warning against the employment of the same weapons and equipment for a long time.


Chinese Hacking Efforts More Strategic, Less Noisy
Instead of driving a truck through the front door, Chinese hacker groups started to pick locks and operate in the shadows. […] “There was indeed a decrease in activity of Chinese APTs following the pact,” Tom Hegel, Senior Threat Researcher at 401TRG, told Bleeping Computer. “They became more strategic and operate with improved tactics since then,” Hegel added. “They were once very noisy with little care for operational security. These days it’s more strategically controlled.”


Trump Organization didn’t discover shadow subdomains with Russian IPs for four years
In a Wednesday blog post on Unhack the Vote, researcher and activist C. Shawn Eib claimed his team ran a traceroute on one of the subdomains, noting that its IP address, “along with all the IPs in the route once the traffic enters Russia, belongs to the same service provider used by one of the servers hosting.” The server, Eib said, “was established approximately one week before the Podesta emails were released, and is located in Moscow, with IP location tools showing both the Trump subdomain traffic transiting through and Wikileaks hosted in a building located near the Kremlin.”


Critical Tor flaw leaks users’ real IP address—update now
On Friday, members of the Tor Project issued a temporary work-around that plugs that IP leak. Until the final fix is in place, updated versions of the browser may not behave properly when navigating to file:// addresses. They said the Windows versions of Tor, Tails, and the sandboxed Tor browser that’s in alpha testing aren’t vulnerable.


So What the Hell Is Doxxing?
So, how do doxxers dox? They use public records, like property records, tax documents, voter registration databases; they scour social media, real estate websites and even do real-life surveillance to gather information. Then, they publish the information online. For some, doxxing is morally troubling. Law professor Danielle Citron is one. “It provides a permission structure to go outside the law and punish each other,” she says. “It’s like shaming in cyber-mobs.”


Doxx Racists: How Antifa Uses Cyber Shaming to Combat the Alt-Right
Fallon and other antifa doxxers say they don’t want to let people live secret lives of hate and bigotry. Their opponents on the right are not averse to online tussling either. Recent leaks from inside a white nationalist chat room showed the so-called alt-right planning to dox “anti-fascists” in retaliation for perceived humiliations in Charlottesville. […] However, Citron still thinks any kind of doxxing is dangerous. “I don’t care if it’s neo-Nazis or antifa,” she says, “this is a very bad strategy leading to a downward spiral of depravity.”


Beware: this Russian cyber warfare threatens every democracy
The ramifications of this debate are huge. The US and the UK, the two countries that laid the foundations of the post-1945 global liberal order, may have had their political integrity compromised by hostile foreign meddling in a way that helped produce Trump and Brexit. If that turns out to be true, then we are looking at an entirely new world – one whose complexities we may only be starting to fathom.


Over 1 million Android users downloaded fake WhatsApp app
After being exposed, the developer of the fake app tried to trick users once again by renaming it to “Dual Whatsweb Update” before it was booted off the Play Store. The app was exposed by a Reddit user who conducted thorough research and indicated that millions of Android users were tricked into downloading the malicious app.


Researchers find multiple malware families leveraging InPage exploit
“The three InPage exploit files are linked through their use of very similar shellcode, which suggests that either the same actor is behind these attacks, or the attackers have access to a shared builder,” researchers said in the report. Decoy documents used in the exploits suggest the threat actors are politically or militarily motivated since they contained subjects such as intelligence reports and political situations related to India, the Kashmir region, or terrorism in an attempt to lure the victims into clicking them.


Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions
Siemens said V8.2 and V8.1 prior to V8.1 SP1 with WinCC V7.3 Update 13 are affected. […] Managers should update V8.1 to V8.1 SP1 with WinCC V7.3 Update 13. The remaining affected versions are still unpatched, but Siemens said it is working on fixes. In the meantime, the ICS giant recommends applying cell protection and using a VPN for network communication between cells.


MS fixes ‘external database’ bug with patches that have even more bugs
They were supposed to fix the widely reported bug in all of the mainstream October Windows security patches that gave rise to a bogus “Unexpected error from external database driver” message. It’s too early to assess all of the damage, but reports from many corners say installing these new patches brings back old, unpatched versions of many files. If you installed one of the patches from yesterday, best to uninstall it. Now.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.