IT Security News Blast 11-16-2017

Cyber Hardware

Study: Organizations suffer critical and costly IT incidents five times a month
Among these respondents, 70 percent said that a past critical incident — such as a data breach, ransomware infection or distributed denial of service attack — damaged their organization’s reputation. And yet, 96% of survey-takers admitted that their organizations are failing to learn from previous incidents, and 80 percent said that their mean time to detect incidents can still be improved.
https://www.scmagazine.com/study-organizations-suffer-critical-and-costly-it-incidents-five-times-a-month/article/707517/

 

A CISO Sizes Up Healthcare Security Threats for 2018
In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations’ operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross. “I see more disruption in the industry around cybersecurity – it’s more than data exfiltration as a concern. I see more ransomware attacks and denial-of-service attacks … and more of an effort to disrupt the system, the critical infrastructure even more so than trying to get at the data[.]”
https://www.bankinfosecurity.com/interviews/ciso-sizes-up-healthcare-security-threats-for-2018-i-3769

 

Launch of US exchange surveillance system hits pothole
The launch of a long awaited surveillance system to monitor trading in the world’s largest equity market was thrown into confusion as negotiations continued between regulators and exchanges. […]
Addressing the exchanges’ worries over hacking, Mr Clayton said protecting information submitted to the CAT was “of paramount importance” and that he was “open to various paths for addressing cyber security matters”.
https://www.ft.com/content/1136e590-c9df-11e7-aa33-c63fdc9b8c6c

 

One-Fifth of Healthcare Organizations Still Run XP
It doesn’t help that a fifth still have Windows XP machines running on their network, while 18% have connected medical devices running on the legacy OS. Over a quarter (26%) said they either can’t or don’t know if they can update such systems, which is worrying considering the explosion in endpoints of late: nearly half (47%) of HCO pros surveyed manage over 5000 networked devices.
https://www.infosecurity-magazine.com/news/onefifth-of-healthcare/

 

Survey: 26 Percent of Healthcare Organizations Would Pay Ransom in a Cyber Attack
A survey of 300 healthcare IT professionals in the U.K. and the U.S. found that 26 percent reported that their organization would be willing to pay a ransom in the event of a cyber attack. Of these, 85 percent of UK healthcare IT professionals and 68 percent of U.S. healthcare IT professionals have a plan in place for this situation.
https://www.healthcare-informatics.com/news-item/cybersecurity/survey-26-percent-healthcare-organizations-would-pay-ransom-cyber-attack

 

Florida Governor’s Proposed Budget Would Formalize Cybersecurity Training
This year, at AST’s request, the governor proposes making recurring an annual expense of $220,000 to provide IT security training to the security managers across 35 state agencies. Previously, AST received the funding on a year-to-year basis, but as agency spokesperson Erin Choy pointed out, it has a “statutory responsibility” to train state agency information security personnel.
http://www.govtech.com/budget-finance/Florida-Governors-Proposed-Budget-Would-Formalize-Cybersecurity-Training.html

 

How Localgovs Can Guard Against DDoS Stresser Attacks
To begin securing devices from DDoS attacks, the FBI recommends IoT device users take basic precautionary steps, like changing default passwords and usernames, regularly updating their devices and operating IoT devices on protected networks. Below are seven key steps government IT departments can take to guard systems against all DDoS attacks.
https://efficientgov.com/blog/2017/11/15/how-localgovs-guard-against-ddos-stresser-attacks/

 

Trump administration releases rules on disclosing cyber flaws
Speaking at an Aspen Institute event in Washington, Joyce said the rules were the “most sophisticated” in the world and that they set the United States apart from most other nations. […] The process is designed to balance law enforcement and U.S. intelligence desires to hack into devices with the need to warn manufacturers so that they can patch holes before criminals and other hackers take advantage of them.
http://www.reuters.com/article/us-usa-cyber-rules/trump-administration-releases-rules-on-disclosing-cyber-flaws-idUSKBN1DF0A0

 

How the Government of Canada Plans To Set CyberSecurity Policy
In 2016, the Government of Canada conducted a wide ranging cyber review that solicited 2,399 responses from business and industry leaders on how policies should change and evolve. Merchant said that three consistent themes that came out from the 2016 review were the need for more privacy, collaboration and skilled cyber security personnel. “We are recognizing that cyber-security has become a source for economic prosperity,” Merchant said.
https://www.esecurityplanet.com/network-security/how-the-government-of-canada-plan-to-set-cybersecurity-policy.html

 

Are voting machine hacks overblown?
[A] closer examination reveals that the most direct form of “hacking an election,” breaking into voting machines and altering vote counts, is a good deal more difficult than the headlines suggest. For instance, while many outlets reported that conference attendees were able to penetrate all 30 machines, less reported was the fact that in the vast majority of cases, hackers needed to have extensive and direct physical access, including taking them apart, in order to find the vulnerabilities that allowed them to access voting software.
https://gcn.com/articles/2017/11/15/voting-machine-hack.aspx?admgarea=TC_SecCybersSec

 

Colorado implements Risk-Limiting Audit process to verify election results
The main thrust of the Risk-Limiting Audit Process is to require all jurisdictions to have a sound ballot accounting process and use a batch size of one ballot, which requires that a cast vote record (CVR) exist and be available and retrievable for each individual ballot, according to the State of Colorado Risk-Limiting Audit Final report.
https://www.scmagazine.com/colorado-officials-discuss-implementation-of-risk-limiting-audit-process/article/707718/

 

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty
Fallchill gets onto Microsoft Windows computers via malware already in place on the machines, or getting onto poorly patched browsers via drive-by downloads. Once on a system, the code opens faked TLS connections for communications with the outside world, ciphering the data with RC4 encryption using the following key: 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82.
https://www.theregister.co.uk/2017/11/15/hidden_cobra_north_korea_malware_fallchill/

 

World War 3: North Korea to make CYBER-WARFARE its weapon of mass DESTRUCTION
North Korea watchdog 38 North’s Adam Meyers said: “North Korea’s disregard for the consequences of its actions sets them apart from other nation states, and is particularly dangerous.” He said North Korea’s isolation gives it an “effective shield from which to launch offensive cyber operations against a connected and delicate global system”.
https://www.express.co.uk/news/world/879669/World-War-3-North-Korea-cyber-warfare-weapon-of-mass-destruction

 

Schneier: It’s Time to Regulate IoT to Improve Cyber-Security
“Availability and integrity threats are important as real risks to life and property now,” Schneier said. “So now vulnerabilities have very different consequences, there is a difference between when a hacker crashes a computer and you lose your data and when a hacker hacks your car and then you lose your life.”
http://www.eweek.com/security/schneier-it-s-time-to-regulate-iot-to-improve-cyber-security

 

Former SECNAV Lehman: Russian Cyber Forces Stealing U.S. Technological Edge
In order to combat the leak of information, Lehman called for a quicker U.S. acquisition process to allow industry and the Pentagon to more quickly bring high-tech systems to the field. Lehman said while the U.S. has a 22-year process to get a major weapon system to the field, Russia and China have about a seven year cycle. “They both, through different means, got rid of a lot of their bureaucracy and ours continues to grow,” he said.
https://news.usni.org/2017/11/15/former-secnav-lehman-russian-cyber-forces-stealing-u-s-technological-edge

 

Cybercom Challenges Industry: Be Agile, Precise
“We have to be lean and agile as we execute our programs,” Rogers said in a video. “We cannot keep the United States safe into the future, especially in the rapidly changing domain of cyber, using a firehose approach. We have to have the precision of a microsurgeon. We can’t just be good, we have to be great. And, we can’t be great without partnerships.”
https://www.defense.gov/News/Article/Article/1373397/cybercom-challenges-industry-be-agile-precise/

 

MIT Helping to Define New Model to Restore Trust in Cyber-Security
While there is a need for privacy and encryption, there is also a need to be able to access private data in a secure manner for such use cases as counterterrorism, medical emergencies and in times of humanitarian crisis, he said. “How do we share data safely, and how do we secure it better and then shift the whole model?” Shrier asked the capacity keynote audience.
http://www.eweek.com/security/mit-helping-to-define-new-model-to-restore-trust-in-cyber-security

 

US govt’s ‘foreign’ spy program that can snoop on Americans at home. Sure, let’s reauth that…
Most stark in its misinformation is the claim within the report that a new section on “minimization and disclosure provisions” provides “restrictions” on the FBI’s use of section 702 information. In fact, the “restrictions” amount to permission for the Feds to use a database that is only supposed to contain information on foreign intelligence targets. For years, the FBI and NSA sought to hide the fact that the FBI was using information on US citizens captured through the program to investigate domestic crimes in direct violation of the explicit wording of the law.
https://www.theregister.co.uk/2017/11/15/senate_intelligence_committee_s702_report/

 

Eli Lake: An NSA breach and war on privacy
In this case the proper analogy is not Big Brother, but an outbreak. A shadowy network of hackers, known as the shadow brokers, stole the NSA’s toolbox of cyber weapons it had used to peer into the computers of our adversaries. This network then offered subscribers the fruits of powerful cyber weapons that the U.S. government was never supposed to even acknowledge. The virus is no longer confined to the lab. It’s out in the wild.
http://www.lenconnect.com/opinion/20171115/eli-lake-nsa-breach-and-war-on-privacy

 

The quiet battle for control of the internet
[The] internet’s structure is continually evolving and regularly contested. Just because the internet has so far operated in line with principles inherited from its original creators, emphasizing interoperability and free expression, does not mean it always must or will. In fact, the recent and intensifying push by governments to promote the concept of “digital sovereignty” represents a real and rising threat to the internet as a force for good.
https://www.opendemocracy.net/digitaliberties/will-wright/quiet-battle-for-control-of-internet

 

Amazon Echo and Google Home Devices Vulnerable to BlueBorne Attack
Researchers warn that if a targeted device is unpatched, attackers can take it over to spread malware and establish a “man-in-the-middle” attack to gain access to critical data, personal information, traffic, and networks. The vulnerability is different and dangerous from others since it doesn’t require attackers to trick users into downloading malware or clicking on a link.
https://www.hackread.com/amazon-echo-google-home-devices-vulnerable-to-blueborne-attack/

 

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of Windows operating system, including the latest Microsoft Windows 10 Creators Update. […] So, users are strongly recommended to apply November security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.
https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.