IT Security News Blast 11-08-2017

Cybersecurity surveillance

New top U.S. banking regulator urges ‘fresh look’ at rules
America’s top financial regulator said on Tuesday “everything is up for a fresh look” as the Federal Reserve considers dialing back some crisis-era banking rules put in place over the last decade, offering hope to Wall Street and Republicans looking to cut red tape. […] New risks such as cyber security breaches and the growth of financial technology could spark the next financial crisis, he said. “History has shown that it’s not just a question of ‘where has the risk that we knew moved to’ but also what new risks are developing.”


Financial Institutions Hit With New Strain Of Banking Trojan Spread By Alleged Russian Cyber Gang
To protect customers from the subsequent account takeovers, banks need to render banking credentials valueless to the hacker by implementing a layered security defence. “Techniques such as passive biometrics and behavioural analysis correctly identify a customer without relying on their credentials. These new technologies are based on observed consumer behaviour over the lifecycle of their interactions, and not simply on a password or a security question.”


Malware signed with stolen Digital code-signing certificates continues to bypass security software
A recent study conducted by the Cyber Security Research Institute (CSRI) revealed that stolen digital code-signing certificates are available for sale for anyone to purchase on the dark web for up to $1,200. Digital code-signing certificates are a precious commodity in the criminal underground: digital certificates issued by a trusted certification authority (CA) are used to cryptographically sign software that is trusted by security solutions for execution on your machine.


Oh Brother: Hackers can crash your unpatched printers – researchers
“The attacker will receive a 500 error code in response, the web server is rendered inaccessible and all printing will cease to function,” Trustwave explains. “This vulnerability appears to affect all Brother printers with the Debut web front-end.” More than 16,000 vulnerable devices are accessible from the internet, according to figures from a search using the Internet of Things search engine Shodan.


Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats
Whether the goal is to acquire and subsequently sell intellectual property from one organization to a competitor or the international black markets, to compromise financial data and systems, or undermine the security posture of a nation state by another nation state or sub-national entity, these threats are real and growing at an alarming pace.


What governments can learn from the original Russian cyber attack
During a contentious debate about how to move an old Soviet-era statue, the government was dealing with riots and protests. In the early stages of the government’s response, officials realized they couldn’t upload press releases about the topic to the government’s website. Then news websites went down, followed shortly thereafter by banks and financial institutions.


Russian hackers altered Clinton campaign email, part of broader initiative
Guccifer 2.0, widely believed to be an alias fronting for hackers tied to the Russian government, apparently altered at least one document stolen from the Democratic National Committee (DNC), adding the designation “confidential” to the email. The modification was just one part of a more sophisticated initiative by Russia to disrupt the 2016 presidential campaign, poisoning the waters for Hillary Clinton, according to a report by the Associated Press and based on data released by SecureWorks.


Texas National Guard spent $373,000 on stingray equipment
The Texas National Guard last year spent more than $373,000 to install two of its DRT 1301C “portable receiver systems” in two RC-26 surveillance aircraft. The Texas Observer obtained a contract between Digital Receiver Technology Inc., or DRT, the manufacturers of the device, and the Texas National Guard stating the stingrays were for “investigative case analytical support” in counternarcotics operations and were purchased using state drug-asset forfeiture money.


Big Brother isn’t just watching: workplace surveillance can track your every move
Today’s workplace surveillance software is a digital panopticon that began with email and phone monitoring but now includes keeping track of web-browsing patterns, text messages, screenshots, keystrokes, social media posts, private messaging apps like WhatsApp and even face-to-face interactions with co-workers. […] The majority of surveillance tech providers focus their attention on the financial sector, where companies are legally required to track staff communications to prevent insider trading. But they are increasingly selling their tech to a broader range of companies to monitor staff productivity, data leaks and Human Resources violations, like sexual harassment and inappropriate behavior.


For a Fee, This Crook Will Track Your Enemies’ Flights
“In many cases, it is really possible to get a list of passengers on a flight/car,” Abrisk writes in their listing. The service typically only costs between $50 and $300, although some lookups may be more expensive. The customer receives their data between three and four working days, or perhaps in a matter of minutes depending on what data is needed, Abrisk adds. Abrisk appears to have a number of happy customers.


The Paradoxical Challenge of Weapons & Tech Modernization
For this reason, DOD and the military services appear to not only be emphasizing integration of commercial tech but also working feverishly to increase risk taking and embrace an “expect the unexpected” type of broad strategy. In more specific terms, some of this can be described as several service efforts to “bake in” cyber resiliency early in the acquisition process.


Europe Slowly Starts to Talk Openly About Offensive Cyber Operations
In Europe, cyber capabilities were once seen as a silver bullet for Europe’s defense problems—chronically low defense budgets and outdated materiel could be replaced with an asymmetric capability that could improve Europe’s ability to deter adversaries and project power. Now, as one participant said, “cyber is no longer something special.” There was a more honest and open debate about how cyber capabilities can be used, the challenges with developing and maintaining them, and understanding their strategic effects.


Conferences, Certifications or College: Which Is the Best Path toward a Cybersecurity Career?
Getting certifications is smart because many businesses require them for specific jobs. In some cyber industry sectors, jobs align perfectly with certifications. […] On the other hand, collecting certifications could have its drawbacks. Warren E. Wytostek, writing for the technology learning source InformIT, says, “There are too many certifications. Every vendor offers its own certification and degrees of certification—for example, Microsoft’s MCP, MCSE, MCSD, MCDBA, MCT…. There is no controlling authority, standardization board, or accrediting agency to validate that the training and certification have value in the IT world.”


Hacking the vote: Threats keep changing, but election IT sadly stays the same
The National Institute of Standards and Technology (NIST) Election Cybersecurity Working Group is making an effort to improve standards for security in collaboration with the Election Assistance Commission. But Joshua Franklin, an IT security engineer at NIST who serves as co-chair of the working group, described the challenges in getting states and counties to adopt such voluntary guidance in full.


Feds have eye on cybersecurity issues as voters go to polls
Today, the US electoral system has become highly dependent on technology built on systems that few people put in charge understand. The fundamental weaknesses of decade-old Internet software and operating systems are part of the foundation of America’s electoral process, and they’re ripe for disruption or manipulation. It means an entirely different threat model has to emerge—“secure” may now mean something totally different from the traditional approach.


Identity management to-do list aligns with cybersecurity
Identity management should be a major component of an enterprise risk management strategy, yet IAM technology decisions are often treated tactically or left to application developers or IT operations staff who don’t always prioritize security in their planning. The ESG data suggest a change in the IAM weather — large organizations seem to be prioritizing security as part of their IAM strategies. ESG asked 273 cybersecurity and IT professionals to identify the initiatives that will be part of their IAM strategies over the next 24 months.


Forrester’s top 6 cybersecurity predictions for 2018
Governments will no longer be the sole providers of reliable, verified identities
More IoT attacks will be motivated by financial gain than chaos
Cybercriminals will use ransomware to shut down point of sale systems
Cybercriminals will attempt to undermine the integrity of US 2018 midterm elections
Blockchain will overtake AI in VC funding and security vendor roadmaps
Firms too aggressively hunting insider threats will face lawsuits and GDPR fines


Texas Shooter’s Phone Encrypted
Government and law enforcement officials may soon reignite the debate over encryption after the FBI today revealed that the dead suspect in Sunday’s Texas church shooting was using an encrypted cellphone. […] “Unfortunately at this point in time, we are unable to get into that phone,” Comb said. “So it actually highlights an issue that you’ve all heard about before, with the advance of the technology and the phones and the encryption, law enforcement whether it’s at the state, local or federal level is increasingly not able to get into these phones.”


Hundreds of school websites redirected to pro-ISIS web page
The hacking group Team System Dz claimed responsibility for the cyberattack, which redirected users to a website displaying ISIS messages and a recruitment video, as well as an image of former Iraqi president Saddam Hussein, according to the International Business Times UK. The websites’ hosting services provider, Atlanta-based SchoolDesk, reportedly confirmed the attack, noting in a statement that it responded to the incident “immediately” by taking down the impacted websites.


Remote-Access-Trojan [written in Pascal!]
1998 called, and wants its RAT back.




Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.