IT Security News Blast 11-27-2017

Human and Machine Cybersecurity

Cyber security requires man and machine, says F-Secure
A combination of humans and machines offers a “unique competitive advantage”, according to Jyrki Tulokas, executive vice-president at F-Secure, one of the largest cyber security firms in Europe. […] F-Secure believes that working with organisations to understand their particular security challenges enables the company to deliver better cyber security products and services.
http://www.computerweekly.com/news/450430451/Cyber-security-requires-man-and-machine-says-F-Secure

Zeus Banking Trojan Spawn: Alive and Kicking
On Thursday, Zeus Tracker, which tracks known Zeus servers and offers related block lists, reported that it was tracking 479 Zeus command-and-control servers, of which 131 were online. It says Zeus binaries get detected on average 43 percent of the time, according to the VirusTotal free malware-scanning service.
https://www.bankinfosecurity.com/zeus-banking-trojan-spawn-alive-kicking-a-10471

A cybersecurity checklist for industrial, mining or oil and gas systems
Mining and oil and gas companies not only face threats from cybercriminals hoping to gain financially but may also be targeted by “hacktivists” who want to make a political or environmental point, says Yogen Appalraju, EY Canada’s cybersecurity leader. He said companies can ward off such attacks but the checklist they must follow is long and continuously changing.
http://business.financialpost.com/pmn/business-pmn/a-cybersecurity-checklist-for-industrial-mining-or-oil-and-gas-systems

Information Security Consulting Market 2017 Global Trend, Segmentation and Opportunities Forecast To 2022
According to Stratistics MRC, the Global Information Security Consulting market was estimated at $15.89 billion in 2016 and is expected to reach $30.11 billion by 2022, growing at a CAGR of 11.2% from 2016 to 2022. Increasing network attacks and growing complexity in network infrastructure are the key factors driving the market's growth, whereas the high cost of consulting is hindering it.
https://industrytoday.co.uk/it/information-security-consulting–market-2017-global-trend–segmentation-and-opportunities-forecast-to-2022

Arkansas county is fighting cyber crime with new techniques
The division intends to use bitcoins for undercover operations in various capacities online, detective Olin Rankin said. Benton County Sheriff Shawn Holloway said the currency is another tool to keep the community safe. The sexual exploitation of children online and similar crimes are growing concerns in the area, he said at a conference Oct. 17.
http://www.pbcommercial.com/news/20171125/arkansas-county-is-fighting-cyber-crime-with-new-techniques

Cisco And Tennessee’s Transportation CIO Report On Cybersecurity Trends
Kirk sees three key cybersecurity-related challenges: Providing security for legacy devices that do not support current technology; having a workforce with the right skills for managing modern networks; integrating the separate worlds and sets of skills of Information Technology (IT) and Intelligent Transportation Systems (ITS) to create the optimal foundation for a modern transportation system.
https://www.forbes.com/sites/gilpress/2017/11/26/cisco-and-tennessees-transportation-cio-report-on-cybersecurity-trends/#2ecb3102ff2d

The Air Force is speeding up cyber ops
The effort is based on the idea that the speed at which information travels — and therefore the speed of war — will dramatically increase by 2030. The Air Force needs to be able to respond more quickly to increasingly complex cyber threats, so it is trying to ramp up its ability to combine different operational systems’ data in order to make decisions in real time.
https://www.axios.com/air-force-cyber-space-air-2511481104.html

Report: FBI Failed to Warn U.S. Officials Targeted by Russia’s Fancy Bear Hackers
As the AP noted, sources said when Fancy Bear allegedly targeted Hillary Clinton’s presidential campaign, FBI agents did visit her headquarters but offered “little more than generic security tips the campaign had already put into practice and refused to say who they thought was behind the attempted intrusions.” The FBI also did not dig very deeply into DCLeaks, an alleged Fancy Bear front which has published numerous leaks of government officials’ email accounts.
https://gizmodo.com/report-fbi-failed-to-warn-u-s-officials-targeted-by-r-1820750699

As DOJ calls for “responsible encryption,” expert asks “responsible to whom?”
“I think what Rosenstein is getting at is that he believes that companies in their deployment of encryption should be responsible to law enforcement above all and public safety rather than being responsible to their users or the broader security ecosystem,” she said.
https://arstechnica.com/tech-policy/2017/11/as-doj-calls-for-responsible-encryption-expert-asks-responsible-to-whom/

Clock ticking down on NSA surveillance powers
Congress will return from its weeklong Thanksgiving break facing a rapidly-shrinking timeline to reform and renew an authority the intelligence community says is critical to identifying and disrupting terrorist plots. […] But with just a few weeks left until the Dec. 31 deadline, even those tracking the debate closely aren’t sure what reforms, if any, will see the floor in either chamber.
http://thehill.com/policy/national-security/361619-clock-ticking-down-on-nsa-surveillance-powers

The ‘huge’ hole in the government’s Russian software ban
The Trump administration’s order barring certain Russian software from government networks doesn’t fully cover one troubling vulnerability — the teeming ranks of government contractors. That omission could leave open gateways for hackers looking to pilfer government secrets, cybersecurity specialists warn, something that has reportedly happened in recent years with contractors from the CIA and the NSA.
https://www.politico.com/story/2017/11/24/the-huge-hole-in-the-governments-russian-software-ban-259473

Best Cyber Monday VPN services 2017: 77% off NordVPN
If you sign up for two years' worth of use, that price can be reduced substantially to a very affordable $2.95 a month. And despite the lack of a free trial, PureVPN offers a seven-day money-back guarantee, so you can give it a whirl risk-free.
http://www.pocket-lint.com/news/141978-best-cyber-monday-vpn-services-2017-77-off-nordvpn

Schumer warns at-home DNA tests could put your sensitive data at risk
“When it comes to protecting consumers’ privacy from at-home DNA test kit services, the federal government is behind; putting your most personal genetic information in the hands of third parties for their exclusive use raises a lot of concerns, from the potential for discrimination by employers all the way to health insurance,” Schumer said in a statement.
http://www.foxbusiness.com/politics/2017/11/26/schumer-warns-at-home-dna-tests-could-put-your-sensitive-data-at-risk.html

All 24 suspects nabbed as part of phone scam ring have pled guilty, DOJ says
According to his November 13 plea agreement, Patel, a US-India dual citizen, who was the lead individual defendant in the case, managed six US-based “runners” who liquidated “as much as approximately $25 million in victim funds for conspirators from India-based call center and organization co-defendant HGLOBAL.”
https://arstechnica.com/tech-policy/2017/11/doj-last-of-us-based-suspects-involved-in-huge-phone-scam-has-pled-guilty/

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’
“Golden SAML poses serious risk because it allows attackers to fake an identity and forge authentication to any cloud app (Azure, AWS, vSphere, etc.) that supports SAML authentication. Using this post-exploit technique, attackers can become any user they want to be – with the highest level of privileges – and gain approved, federated access to a targeted app,” researchers wrote.
https://threatpost.com/saml-post-intrusion-attack-mirrors-golden-ticket/128993/

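Golden SAML end to end, as an added example (not the researchers' tooling and not code from the article): a toy identity provider and relying party in Go that show why the token-signing key is a master key for every federated app, and the one defender-side check that still catches its misuse. Everything in it is a model and an assumption: the issuer URL, user names and group claims are made up; the signature is RSA-SHA256 over the raw assertion bytes rather than real XML-DSig; and the IdP's `issued` map is a hypothetical stand-in for the AD FS token-issuance event log.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// Assertion is a minimal stand-in for a SAML assertion. Sig is a base64
// RSA-SHA256 signature over Body(); real SAML wraps this in XML-DSig, skipped here.
type Assertion struct{ ID, Issuer, Subject, Groups, Sig string }

// Body returns exactly the bytes that get signed and verified.
func (a Assertion) Body() string {
	return fmt.Sprintf(`<Assertion ID=%q Issuer=%q><Subject>%s</Subject><Attribute Name="groups">%s</Attribute></Assertion>`,
		a.ID, a.Issuer, a.Subject, a.Groups)
}

// mint signs an assertion with whichever private key it is handed: the key alone decides whether the result verifies.
func mint(key *rsa.PrivateKey, issuer, subject, groups string) (Assertion, error) {
	b := make([]byte, 16)
	rand.Read(b) // random assertion ID; crypto/rand.Read never fails on Go 1.24+
	a := Assertion{ID: "_" + hex.EncodeToString(b), Issuer: issuer, Subject: subject, Groups: groups}
	h := sha256.Sum256([]byte(a.Body()))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	a.Sig = base64.StdEncoding.EncodeToString(sig)
	return a, err
}

// IdP models the federation server (AD FS in the article's scenario): it holds the signing key and logs what it issues.
type IdP struct {
	Name   string
	key    *rsa.PrivateKey // the token-signing key an attacker exports once the host is owned
	issued map[string]bool // hypothetical audit log keyed by assertion ID
}

func NewIdP(name string) (*IdP, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &IdP{Name: name, key: k, issued: map[string]bool{}}, err
}

// Issue is the legitimate path: a user authenticated, so the IdP signs and logs.
func (p *IdP) Issue(subject, groups string) (Assertion, error) {
	a, err := mint(p.key, p.Name, subject, groups)
	if err == nil {
		p.issued[a.ID] = true
	}
	return a, err
}

// GoldenSAML is the post-exploitation step: the stolen key mints an assertion
// for any subject with any claims, and the IdP never sees or logs it.
func GoldenSAML(stolen *rsa.PrivateKey, issuer, subject, groups string) (Assertion, error) {
	return mint(stolen, issuer, subject, groups)
}

// RelyingParty models the cloud app, whose only trust anchor is the IdP's public key.
type RelyingParty struct {
	Issuer  string
	Trusted *rsa.PublicKey
}

// Accept checks issuer and signature; it cannot tell who actually performed the signing.
func (rp RelyingParty) Accept(a Assertion) error {
	if a.Issuer != rp.Issuer {
		return fmt.Errorf("untrusted issuer %q", a.Issuer)
	}
	sig, err := base64.StdEncoding.DecodeString(a.Sig)
	if err != nil {
		return err
	}
	h := sha256.Sum256([]byte(a.Body()))
	return rsa.VerifyPKCS1v15(rp.Trusted, crypto.SHA256, h[:], sig)
}

// DetectForged is the defender's check: assertions the RP accepted but the IdP never
// issued are Golden SAML candidates (the same idea as matching cloud sign-in logs
// against AD FS token-issuance events).
func DetectForged(p *IdP, accepted []Assertion) []string {
	var forged []string
	for _, a := range accepted {
		if !p.issued[a.ID] {
			forged = append(forged, a.ID)
		}
	}
	return forged
}

func main() {
	idp, _ := NewIdP("https://sts.corp.example/adfs/services/trust")
	rp := RelyingParty{Issuer: idp.Name, Trusted: &idp.key.PublicKey}
	legit, _ := idp.Issue("alice@corp.example", "Users")
	forged, _ := GoldenSAML(idp.key, idp.Name, "admin@corp.example", "Global Administrators")
	fmt.Println("legit:", rp.Accept(legit), "forged:", rp.Accept(forged)) // both nil: the RP cannot tell them apart
	fmt.Println("IDs the IdP never issued:", DetectForged(idp, []Assertion{legit, forged}))
}
```

`Accept` returns nil for both the legitimate and the forged assertion, which is the whole point: signature verification proves possession of the key, not that anyone authenticated. `DetectForged` works only because the IdP's log is compared against what the cloud side actually accepted, which in practice means correlating AD FS token-issuance events with the cloud provider's sign-in logs; once a key theft is confirmed, the fix is to roll the token-signing certificate, since every assertion the old key ever signed is suspect.
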
Shining more light every day on Russia’s political interference
“Despite this clear threat to American democracy, and the unanimous assessment of the intelligence community that Russia interfered in the election in an operation ordered by Vladimir Putin, real discussion of how to halt these activities and prevent them in the future is only beginning now. This is partly driven by a continued partisan divide on the issue — which is being fueled by the Kremlin’s ongoing influence efforts and Putin’s own denials to President Donald Trump.
http://www.homelandsecuritynewswire.com/dr20171124-shining-more-light-every-day-on-russia-s-political-interference

Linus Torvalds: Some security folks can’t be trusted to do sane things, some are morons
This round of profanity and insults started after Kees Cook, who works on security for Google Pixel, submitted a pull request on the Linux kernel mailing list. Kees asked Torvalds to “please pull these hardened usercopy changes for v4.15-rc1” which “significantly narrows the areas of memory that can be copied to/from userspace in the face of usercopy bugs by adding explicit whitelisting for slab cache regions.”
https://www.csoonline.com/article/3237778/security/linus-torvalds-some-security-folks-cant-be-trusted-to-do-sane-things-some-are-morons.html

Anonymous Muslim Group Confusing ISIS with Porn and Fake News
The group works by first taking note of the appearances, activities and behavior of ISIS members on their website and on the encrypted messaging application Telegram, which is used by its supporters around the world. In one of their feats, the group posted a photoshopped image of a naked woman from a porn film as an announcement that a media center would be opening in ISIS-controlled Syria. A video of ISIS supporters listening to the announcement was altered to appear as if the extremists were actually watching a projection of a naked woman.
https://www.hackread.com/anonymous-muslim-group-confusing-isis-with-fake-news-pornography/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
