IT Security News Blast 11-17-2017

Block Chain the future of banking

Cyber Insecurity: the high stakes of data protection in an interconnected world
Estimates suggest cybercrime costs the Canadian economy between $3 billion and $5 billion a year. The average per company cost of a data breach has risen as high as $6 million, according to the Canadian Chamber of Commerce. The Bank of Canada has warned that Canadian banks are vulnerable to a cascading series of attacks that could not only undermine confidence in the financial system, but spill over into other sectors, such as energy or water systems.
http://business.financialpost.com/pmn/business-pmn/cyber-insecurity-the-high-stakes-of-data-protection-in-an-interconnected-world


Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera
When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.
https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/


Danger zone: Cyber criminals know big time money is not safe
“The energy sector is trending to be the second most targeted sector in the country in 2017, behind the government and ahead of the financial and telecommunications sectors,” Al Shamrani said. “However, attackers are three times more successful in compromising energy companies than they are in the financial sector. In this era, if oil and gas companies think they haven’t been attacked, or even compromised, I can tell them, you are not looking hard enough.”
http://ameinfo.com/it-2/cyber-criminals-know-big-money-is-not-safe/


This banking malware wants to scoop up your email and social media accounts, too
“Social media accounts can also be used as a propagation mechanism once the malware is instructed to post links to downloadable copies of the malware. Additionally, the malware can also steal account login information and cookies, so its operators can hijack the social network account and re-sell access to it, for instance,” Bogdan Botezatu, Senior e-Threat Analyst at Bitdefender, told ZDNet.
http://www.zdnet.com/article/this-banking-malware-wants-to-scoop-up-your-email-and-social-media-accounts-too/


Blockchain is unlocking the future of banking
In an interview with World Finance, Professor Tim Watson, Director of the WMG Cyber Security Centre at the University of Warwick, described how some firms are so determined to lead the blockchain revolution, they haven’t stopped to consider how to use it. […] “There are a lot of vested interests who are going to fight this tooth and nail. I don’t think they’ll win ultimately, but they could make what should be a two-to-five-year process a 20-year process.”
https://www.worldfinance.com/strategy/blockchain-technology-is-the-future-of-banking


House Committee Examining Personnel and Organizational Changes at HHS Cybersecurity Center
“An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed. The two executives, Leo Scanlon and Maggie Amato, allege they were targeted by disgruntled government employees and private-sector companies worried the cyber center would take away some of their business,” Politico’s Darius Tahir reported.
https://www.healthcare-informatics.com/news-item/cybersecurity/house-committee-examining-personnel-and-organizational-changes-hhs


Average Cost of Healthcare Breach? $3.62 Million, Regardless of Compliance
Put simply, just because you are compliant does not make you secure. Security is one of those things that’s a cost, but it’s a cost that will grow exponentially if it’s not properly addressed or adequately mitigated. With or without cyber insurance, the risk will never be zero – but it’s one of those costs that needs to be proactively confronted instead of waiting for a breach to occur.
https://www.bankinfosecurity.com/whitepapers/average-cost-healthcare-breach-362-million-regardless-compliance-w-3810


Bad Bots and Poor App Security Plague Vertical Markets
According to a Ponemon Institute survey of 600 CISOs and other security leaders across retail, healthcare, and financial services on six continents, bots conduct more than half (52%) of all internet traffic flow. For some organizations, bots represent more than 75% of their total traffic. This is a significant finding considering one-in-three (33%) organizations cannot distinguish between ‘good’ bots and ‘bad’ ones.
https://www.infosecurity-magazine.com/news/bad-bots-and-poor-app-security/


Tennessee city still not recovered from ransomware attack
The attack has essentially stopped the city from being able to conduct many of its usual functions as its IT department attempts to rebuild the database from backed up files. The attack has locked city workers out of their email accounts, and residents are unable to make online payments, use payment cards to pay utility bills and court fines, or conduct any other business transaction.
https://www.scmagazine.com/tennessee-city-still-not-recovered-from-ransomware-attack/article/707847/


Cyber consequences: Attacks are hitting the C-suite
The 2013 breach of Target’s payment card system cost chief executive officer Gregg Steinhafel his job, and executives with credit reporting agency Equifax have been “publicly flogged” in the wake of the hack of millions of client records in October. There may be greater consequences for companies that don’t do due diligence, Wheeler suggested, pointing to changes taking shape in the legal regime following the Target attack.
https://www.skiesmag.com/news/cyber-consequences-attacks-hitting-c-suite/


North Korea Getting Ready Wage a Global Cyber War, Experts Say
“They’re trying to map out what we have.” He said that this operation already resulted in a breach that compromised planning between the military of South Korea and the United States. Innella said that there’s been discussion recently about recent failures of North Korean rocket launches and whether those failures occurred as a result of cyber-attacks by the west. He said that it appears that the North Korean effort to map out the infrastructure of organizations in the west is a precursor to cyber-war.
http://www.eweek.com/security/north-korea-getting-ready-wage-a-global-cyber-war-experts-say


Protecting the innocent from cyber warriors
Under the Geneva Conventions that serve to protect the innocent during a conflict, cyberwarfare is already restricted to military targets. Just as warplanes cannot drop bombs on civilian hospitals, government hackers cannot hit civilian facilities, such as a factory. Yet these humanitarian rules apply only during war. Many cyberattacks today are stealthy events by an adversary whose identity cannot be easily detected. Governments are responding by beefing up their cybercapabilities to respond in kind. This risks the possibility of widespread and mutual destruction of digital networks.
https://www.csmonitor.com/Commentary/the-monitors-view/2017/1116/Protecting-the-innocent-from-cyber-warriors


UCLA Engineering develops ‘internet of things’ for the battlefield
The team will develop theoretical foundations for use in unmanned vehicles, sensors and systems to enable autonomous or cooperative missions with soldiers based on data-driven decision making. The IoT for the battlefield is helpful in rapidly changing, unpredictable situations where humans and technology can work seamlessly to increase mission success and reduce casualties.
https://www.eurekalert.org/pub_releases/2017-11/uhss-ued111617.php


China cyber watchdog rejects censorship critics, says internet must be ‘orderly’
“We should not just make the internet fully free, it also needs to be orderly… The United States and Europe also need to deal with these fake news and rumors,” Ren told journalists without elaborating. China enforces strict internet censorship rules, which have hardened this year with new restrictions on media outlets and surveillance measures for social media sites.
http://www.reuters.com/article/us-china-cyber/china-cyber-watchdog-rejects-censorship-critics-says-internet-must-be-orderly-idUSKBN1DG1VJ


How Disinformation And Distortions On Social Media Affected Elections Worldwide
The group described the workings of a paid “keyboard army” that supported the Philippines’ Rodrigo Duterte’s 2016 election; “government agents” in Venezuela propagating “lies about opposition protesters” before elections there; fake news articles shared on social media before Kenya’s election in August; 30,000 “fake accounts” removed from Facebook ahead of elections in France; “mobile broadband networks were reportedly disrupted” in opposition areas during an election in Zambia last year; and networks were shut off before Gambia’s 2016 election.
http://wvik.org/post/how-disinformation-and-distortions-social-media-affected-elections-worldwide#stream/0


How Can an Election be Hacked?
Amid the flurry, it’s easy to blur these conversations—especially because they all seem to feature Russia. But the election-hacking conversation desperately needs to be untangled. Whatever other revelations may come, it helps to remember that election hacking is really about three separate threats: hacking voters, hacking votes, and causing disruption or chaos.
https://psmag.com/news/how-an-election-can-be-hacked


Anatomy of a Fake News Scandal
We found ordinary people, online activists, bots, foreign agents and domestic political operatives. Many of them were associates of the Trump campaign. Others had ties with Russia. Working together – though often unwittingly – they flourished in a new “post-truth” information ecosystem, a space where false claims are defended as absolute facts. What’s different about Pizzagate, says Samuel Woolley, a leading expert in computational propaganda, is it was “retweeted and picked up by some of the most powerful faces of American politics.”
http://www.rollingstone.com/politics/news/pizzagate-anatomy-of-a-fake-news-scandal-w511904


GDPR: Crackdowns and conflict on personal privacy
The deal was done in a hurry after the European Court of Justice struck down its predecessor, Safe Harbour, in 2015 following the Edward Snowden revelations about mass surveillance by the US National Security Agency. Those concerns have not gone away. Brussels has voiced concerns that the Trump administration has yet to appoint an independent ombudsman to deal directly with data complaints from EU citizens, amid fears that the US president will prioritise national security and American commercial interests over data privacy.
https://www.ft.com/content/8e502b6e-794d-11e7-a3e8-60495fe6ca71


Privacy Management Tools Market Is Set to Garner Staggering Revenues by 2025
These privacy management tools help enterprises in conducting privacy impact assessments, and in checking and monitoring activities according to the requirements of privacy regulations. This helps in tracking incidents in which unauthorized access to personal data has occurred. The market for privacy management tools is growing due to rising governance demands from regulators and organizations and the increasing risk of cyber-attacks.
http://www.digitaljournal.com/pr/3565602


Game theory harnessed for cybersecurity of large-scale nets
The work also applies “prospect theory,” which describes how people make decisions when there is uncertainty and risk, decisions that are often “only partly rational,” said Shreyas Sundaram, an assistant professor in Purdue’s School of Electrical and Computer Engineering. “The research will lead to a more complete understanding of the vulnerabilities that arise in large-scale interconnected systems and guide us to the design of more secure systems, with corresponding societal benefits,” he said.
https://phys.org/news/2017-11-game-theory-harnessed-cybersecurity-large-scale.html


New “Quad9” DNS service blocks malicious domains for everyone
Called Quad9 (after the 9.9.9.9 Internet Protocol address the service has obtained), the service works like any other public DNS server (such as Google’s), except that it won’t return name resolutions for sites that are identified via threat feeds the service aggregates daily.
https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/


Beware Catphishing attacks targeting the hearts of security pros
Malwarebytes researchers are warning IT workers seeking love online to beware “CatPhishing” scams which can leave entire companies devastated. A play on the term catfishing, in which scammers dupe people into falling in love with false online personas for various reasons, in catphishing beautiful women personas target IT and cybersecurity professionals to infiltrate corporate systems for their own gain.
https://www.scmagazine.com/catphishing-attack-target-security-pros-to-get-to-company-secrets/article/708000/


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
