IT Security News Blast 11-20-2017

Top Takeaways From the Healthcare Security Summit

For one, an online poll we conducted at the opening of our summit on found that 69 percent of respondents rate the state of cybersecurity in healthcare as “failing” or “barely passing.” Seventeen percent say the sector is in dire need of regulatory intervention. And only 14 percent say cybersecurity in the healthcare sector isn’t any worse than other sectors.

https://www.bankinfosecurity.com/blogs/top-takeaways-from-healthcare-security-summit-p-2562

 

10 Health IT predictions for 2018: AI, blockchain, robotics and a $100 million class-action suit

By 2021, the world will have seen its first $100 million class-action lawsuit against a medical device manufacturer for negligence due to a cyber attack causing the death of more than 25 people connected to networked medical devices while hospitalized.

http://www.healthcareitnews.com/news/10-health-it-predictions-2018-al-blockchain-robotics-and-100-million-class-action-suit

 

Cyber security key to improving patient trust and care

“Digitisation can reap considerable benefits for NHS patients and staff, yet the capacity to save money and improve patient care through more seamless, digital processes is dependent on how the NHS leverages cyber security to maintain trust, while capitalising on its exponential data growth. “Preventing successful cyber attacks will be paramount in reducing disruption to medical services and improving patient trust, leading to the greater ability to use data to improve health outcomes[.]”

http://www.businesscloud.co.uk/news/cybersecurity-key-for-improving-patient-trust-and-care

 

A New Type of Cyberattack: AI-Powered Cyberattacks

Earlier this year, cybersecurity firm Darktrace found a brand new type of cyberattack at a company in India. The software used rudimentary machine learning to observe and learn patterns of normal user behaviour inside a network. The malware could learn as it spread, altering its methods to avoid detection for as long as possible.

https://www.natlawreview.com/article/new-type-cyberattack-ai-powered-cyberattacks

 

Cybersecurity: Eight Tenets to Consider

The digitization of the maritime sector has brought about a technological revolution with great efficiencies to the overall operations and global supply chain. Unfortunately, ensuring that there is security embedded on the front end is still not the norm. This leaves new and old legacy systems cobbled together in a patchwork of structures.

https://www.maritime-executive.com/blog/cybersecurity-eight-tenets-to-consider

 

Russian-speaking countries pose ‘number-one cyber threat to UK’, officials warn

“WannaCry is not going to be the last attack to hit the UK and things are likely to get worse before they get better,” said Oliver Gower, head of the National Cyber Crime Unit. “State actors have tried and will try again to target the UK. “We also know that terrorists show the intent to use cyber attacks to cause damage and spread fear, but we don’t yet believe they have the capability to launch major attacks.”

http://www.independent.co.uk/news/uk/crime/russia-hacking-threat-uk-number-one-warning-cyber-attacks-wannacry-north-korea-iran-investigations-a8061521.html

 

Russia “weaponized information” to sow discord in West, destroy post-WWII international order: Theresa May

So I have a very simple message for Russia. We know what you are doing. And you will not succeed. Because you underestimate the resilience of our democracies, the enduring attraction of free and open societies, and the commitment of Western nations to the alliances that bind us. The U.K. will do what is necessary to protect ourselves, and work with our allies to do likewise.

http://www.homelandsecuritynewswire.com/dr20171117-russia-weaponized-information-to-sow-discord-in-west-destroy-postwwii-international-order-theresa-may

 

Former internet troll reveals secrets of Russia’s Internet Research Agency

A former insider at Russia’s Internet Research Agency (IRA) has divulged details on the online troll factory’s operations, stating that he “absolutely” believes the organization is connected to the Kremlin. In an interview with NBC News, 26-year-old Vitaly Bespalov told NBC News that during his stint at the IRA, workers in the “American department” were paid the equivalent of $1,300 to $2,000 per month to author fake and incendiary news articles, social media posts and comments about U.S. hot-button issues.

https://www.scmagazine.com/former-internet-troll-reveals-secrets-of-russias-internet-research-agency/article/708135/

 

China May Delay Vulnerability Disclosures For Use in Attacks

Today’s publication has spun out of earlier research demonstrating that China’s national vulnerability database (CNNVD) — which is run by the Chinese Ministry of State Security (MSS) — is generally faster at publishing vulnerability details than its U.S. equivalent, the NVD. In a few cases, however, it is considerably slower. These ‘outliers’ have now been analyzed by Recorded Future with surprising results.

http://www.securityweek.com/china-may-delay-vulnerability-disclosures-use-attacks

 

In the era of virtual terrorism, all cyber-enabled nations are equal

[Smaller] and less advanced countries with fewer resources are also able to get on a more level playing field and punch well above their weight in the cyber arena. Iran and North Korea are two good examples. That is having a profound impact on the virtual geopolitical landscape and will continue to affect if, how, and when nations battle each other in cyberspace, with unpredictable outcomes.

http://www.sundayguardianlive.com/opinion/11682-era-virtual-terrorism-all-cyber-enabled-nations-are-equal

 

Pentagon mass surveillance slurped up the world’s social media traffic; then they dumped it on a publicly accessible Amazon cloud server

The Upguard Cyber Risk Team has found three Department of Defense mass-storage “buckets” on Amazon that are world-viewable, containing 1.8 billion social media posts that the DoD scraped from social media over 8 years as part of its global surveillance program. As Upguard writes, this raises two important questions: why is the DoD spying on everyone (including US citizens at home and abroad, as well as active-duty service members), and why were they so careless with all the data they amassed through that spying?

https://boingboing.net/2017/11/17/dark-clouds.html

 

More countries are using social media to crack down on dissent, study finds

“Governments around the world have dramatically increased their efforts to manipulate information on social media over the past year,” the authors write in their introduction. “The Chinese and Russian regimes pioneered the use of surreptitious methods to distort online discussions and suppress dissent more than a decade ago, but the practice has since gone global. Such state-led interventions present a major threat to the notion of the internet as a liberating technology.”

https://www.theverge.com/2017/11/14/16646192/freedom-on-the-net-2017-freedom-house-facebook-social-media

 

Senators introduce USA Liberty Act of 2017

“The bill’s most glaring deficiency is that it does not require a warrant to access content in cases where the primary purpose is to return foreign intelligence,” the group wrote, noting that “under this exception, the government would have free rein to search and access the content of religious organizations and civil society groups, Congressional staff, and other innocent Americans without a warrant simply if it asserted that the primary purpose was to gather information related to the policies of a foreign country.”

https://www.scmagazine.com/senators-introduces-usa-liberty-act-of-2017/article/708346/

 

The digital universe is growing; it’s also becoming more unequal

[In] 2001, the World Trade Centre was attacked in New York, convincing the US government that its traditional methods of intelligence gathering were no longer working. Julia Angwin, in her book Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, convincingly argues that the coincidence of these two events created a common interest between government and technology companies to track Internet behaviour. Both the US government and Silicon Valley technology companies “arrived at the same answer to their disparate problems: collecting and analysing vast quantities of personal data,” writes Angwin.

http://www.business-standard.com/article/current-affairs/the-digital-universe-is-growing-it-s-also-becoming-more-unequal-117111900017_1.html

 

Robocalls from spoofed Caller IDs may soon be blocked by phone companies

The new authorization from the FCC applies to voice service providers including mobile phone carriers, traditional landline phone companies like AT&T and Verizon, and VoIP carriers such as cable companies. Carriers will be “allowed to block calls purporting to be from invalid numbers, like those with area codes that don’t exist, from numbers that have not been assigned to a provider, and from numbers allocated to a provider but not currently in use,” the FCC said.

https://arstechnica.com/information-technology/2017/11/new-robocall-blocking-tools-on-the-way-but-carriers-can-charge-you-extra/

 

McAfee’s ClickProtect Apparently Infected Devices with Banking Malware

According to a French researcher, the renowned antivirus vendor McAfee sent a file loaded with Emotet banking malware to customers using its anti-hacking service called ClickProtect email protection service. Although Emotet malware was hosted on a third-party website, it was shared through a domain that was linked with the project. Ironically, McAfee marketed the anti-hacking service as a fool-proof solution for protecting the business from being hacked.

https://www.hackread.com/mcafees-clickprotect-infected-users-with-banking-malware/

 

GitHub Warns Developers When Using Vulnerable Libraries

The new security feature added by GitHub is designed to alert developers when one of their project’s dependencies has known flaws. The Dependency graph and the security alerts feature have been automatically enabled for public repositories, but they are opt-in for private repositories.

http://www.securityweek.com/github-warns-developers-when-using-vulnerable-libraries

 

Data detective, and 20 other job titles of the future

Data detective. Man-machine teaming manager. Genetic Diversity Officer. Those are some of the new job titles we are likely to see over the next 10 years, according to professional services firm Cognizant. Why it matters: Job prospects for truck drivers and cashiers may be dimming, but there are a range of entirely new jobs being created.

https://www.axios.com/here-are-some-of-the-new-jobs-of-the-future-2509843624.html

 

How This Millennial Went From A High School Dropout To Cyber Security Expert

A high school dropout and former hacker, Shah had to overcome run-ins with the police and the disappointment his parents expressed, in order to rise above and find himself, and then eventually success on the other side of the fence. Here are the four pillars of success that Shah credits to his successful journey thus far.

https://www.forbes.com/sites/deeppatel/2017/11/18/how-this-millennial-went-from-a-high-school-dropout-to-cyber-security-expert/#74dd79744de7

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.