IT Security News Blast 11-28-2017

UK Banking Hack

Third of UK banking customers targeted by fraudsters in 2017
In a survey of 2,000 adults, it was found that 37% of people had money stolen from their accounts, with an average of £544 taken. The survey estimates that more than £1 billion has been stolen as a direct result of credit or debit card fraud in the last year. 12% of people who were hacked in the last 12 months have changed their debit or credit card provider, whilst over two thirds (68%) have not considered, or have no intention of, changing accounts.
https://ibsintelligence.com/third-uk-banking-customers-targeted-fraudsters-2017/

 

Financial Services Cybersecurity Systems and Services Market: Rise in Cyber Theft to Bolster Growth
According to the statistics of Transparency Market Research (TMR), the global financial services cybersecurity systems and services market is estimated to earn approximately US$24.3 bn by the end of 2022, up from US$12.5 bn in 2017. Between the forecast years, the market could expand at a 14.1% CAGR.
http://www.editiontruth.com/financial-services-cybersecurity-systems-services-market-rise-cyber-theft-bolster-growth/

 

Artificial Intelligence, machine learning new tools to fight cyber attacks
When asked if machine tools and AI can make people’s jobs in cyber security redundant, Patel said it is unlikely, as attacks through malware are designed by humans who think creatively to bypass automated security solutions. So, there is a need for humans who can think creatively to defend networks from such attacks.
http://www.financialexpress.com/industry/technology/artificial-intelligence-machine-learning-new-tools-to-fight-cyber-attacks/948006/

 

Soaring Cost of Cyber Attacks Raises Concerns for Boston Healthcare Industry
Responses revealed just one successful cyber attack was responsible for costing organizations over $5 million on average, or roughly $300 per employee. Loss of IT and end-user productivity was listed as the most costly consequence of successful endpoint attacks, with system downtime and theft of informational assets following closely behind.
https://www.americaninno.com/boston/from-the-community-boston/soaring-cost-of-cyber-attacks-raises-concerns-for-boston-healthcare-industry/

 

IoT Security Top Concern for Business Technology Leaders
“Emerging technologies have to be embraced,” ISACA CEO Matt Loeb said in a statement. “As the research shows, the reluctance to deploy them is linked to the need to understand and mitigate the risks of doing so. Organizations that implement a strong information and technology governance program will better understand their capabilities, which leads to more effective risk management and increased confidence in deployment of these technologies.”
https://healthitsecurity.com/news/iot-security-top-concern-for-business-technology-leaders

 

Cybersecurity Quest Sends States To Vets, Students And Women
Job candidates “don’t perceive state government as an attractive and challenging work environment,” the report found. State cyber salaries generally can’t match those in private industry and it’s often hard to move up the ladder in state government. And the disappearance of generous government retirement plans is making the jobs less appealing to cyber professionals.
https://www.huffingtonpost.com/entry/cybersecurity-quest-sends-states-to-vets-students_us_5a1c2b06e4b0bf1467a8485e

 

The REAL threat from North Korea: Why cyber attacks are Kim’s PERFECT WEAPON
“Given what we saw occur with Wannacry, it is fair to assume that North Korea is more than capable of launching a serious cyber attack but there are many reasons why this occurred and so many nations are now capable of similar attacks, should they wish to do so.” And in times of rising tensions between the US and North Korea, cyber attacks could be the perfect weapon for the dictator.
https://www.express.co.uk/news/world/883955/north-korea-cyber-attack-uk-warning

 

Is the US behind in cyber-enabled info operations?
When asked during a May hearing before the Senate Armed Services Committee if Cyber Command — the main joint organization tasked with cyber offense and defense — has been asked to conduct cognitive operations, information warfare or the changing of public opinion, its commander, Adm. Michael Rogers, replied “No we have not. That’s not right now in our defined set of responsibilities, per se.”
https://www.federaltimes.com/dod/2017/11/27/is-the-us-behind-in-cyber-enabled-info-operations/

 

International research team focuses to combat disinformation attacks in cyberspace
ARL scientists bring to this project a number of critical scientific elements, he says, which include published research results — theories and algorithms — that explain and predict propagation of opinions and trust within a network, find untrustworthy sources within cyberspace, and detect false news. Much of these were developed in the context of ARL’s extensive Network Science research in alliance with multiple academic institutions, and will help jump-start CyRADARS.
http://mil-embedded.com/news/international-research-team-focuses-to-combat-disinformation-attacks-in-cyberspace/

 

60 Cybersecurity Predictions For 2018
The following list of 60 predictions starts with three general observations and moves to a wide range of cybersecurity topics: Attacks on the US government and critical infrastructure, determining authenticity in the age of fake news, consumer privacy and the GDPR, the Internet of Things (IoT), Artificial Intelligence (AI) as a new tool in the hands of both attackers and defenders, cryptocurrencies and biometrics, the deployment of enterprise IT and cybersecurity, and the persistent cybersecurity skills shortage.
https://www.forbes.com/sites/gilpress/2017/11/26/60-cybersecurity-predictions-for-2018/#5b9c491673ff

 

Trump’s New Cybersecurity Rules Are Better Than Obama’s
The Trump administration clearly listened to these critiques, and the unclassified version of the “VEP Charter” issued this week is more comprehensive and transparent than its predecessor. In the debate over whether to favor offensive capabilities or defensive efforts, the document states that disclosure serves the national interest in the “vast majority” of cases.
https://www.aclu.org/blog/privacy-technology/internet-privacy/trumps-new-cybersecurity-rules-are-better-obamas

 

SEC hack was preceded by years of warnings about lax cybersecurity
“The weaknesses we observed in the SEC’s security controls could adversely affect the confidentiality, integrity, and availability of the agency’s information and information systems,” the inspector general warned back in 2013 in what proved to be a prescient harbinger of the hacking that would occur. In the years that followed, the inspector general sent additional warnings and possible solutions for “critical security areas such as access and identity management.”
http://thehill.com/361764-sec-hack-was-preceded-by-years-of-warnings-about-lax-cybersecuity

 

.GIF garage Imgur plugs 1.7 million-subscriber creds breach
The world’s self-described “most awesome” collection of images, Imgur, has confessed to leaking 1.7 million user records in 2014. The company was advised of the breach by HaveIBeenPwned administrator Troy Hunt on November 23, 2017. Imgur’s chief operating officer Roy Sehgal posted confirmation of the breach. Hunt took to Twitter to say that notice came 25 hours after he notified the company it had a problem.
https://www.theregister.co.uk/2017/11/27/imgur_breach/

 

Newly Published Exploit Code Used to Spread Mirai Variant
Researchers said adversaries have automated the process of logging into ZyXEL devices using telnet credentials and coupled that with a separate hard coded superuser vulnerability (CVE-2016-10401) to gain root privileges on targeted devices. “ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices),” according to the CVE description of the vulnerability.
https://threatpost.com/newly-published-exploit-code-used-to-spread-marai-variant/128998/

 

Feds Seize Over 20,500 Domain Names For Selling Counterfeit Products
The operation, dubbed “In Our Sites (Project TransAtlantic VIII),” was conducted by Europol in association with Interpol, the US National Intellectual Property Rights Coordination Centre (NIPRCC), FBI, Department of Justice (DOJ), and law enforcement authorities from 27 European Member States. Counterfeit goods are a huge business, as the International Trademark Association suggested that around $460 billion worth of counterfeit goods were bought and sold last year alone.
https://thehackernews.com/2017/11/counterfeit-product-websites.html

 

Fake Symantec site spreads OSX.Proton password stealer
The fake site itself also does a good job of mimicking Symantec’s site and even includes the same content, though it contains a made-up blog post about a supposed new version of CoinThief that is of course false. This fake story promotes a program called “Symantec Malware Detector,” supposedly to detect and remove the malware that doesn’t actually exist, urging the users to download it.
https://www.scmagazine.com/osxproton-spread-via-fake-symantec-blog/article/709695/

 

Security firm was front for advanced Chinese hacking operation, Feds say
Wu Yingzhuo, Dong Hao, and Xia Lei face federal charges that they conspired to steal hundreds of gigabytes of data belonging to Siemens AG, Moody’s Analytics, and the GPS technology company Trimble. […] Wu and Dong are founding members and equity shareholders of Guangzhou Bo Yu Information Technology Company. Xia is an employee of the company.
https://arstechnica.com/tech-policy/2017/11/security-firm-was-front-for-advanced-chinese-hacking-operation-feds-say/

 

8 Low or No-Cost Sources of Threat Intelligence
We called on Roselle Safran, president of Rosint Labs, to work with us to build a meaningful list. Safran’s extensive experience in cybersecurity includes several years of service in the Executive Office of the President and Department of Homeland Security during the Obama administration.
https://www.darkreading.com/threat-intelligence/8-low-or-no-cost-sources-of-threat-intelligence——-/d/d-id/1330447

 

Bulletproof Coffee lacks bulletproof security: Nerd brain juice biz hacked, cards gulped
Bulletproof 360 Inc., purveyors of the fatty coffee touted as a wonder-treatment for mental clarity and weight loss, admitted that from May 20 to October 19 of this year – minus one day on October 14 – hackers slurped sensitive personal information hipsters entered when purchasing stuff online. The sipped info included bank card numbers, expiration dates, and security codes (CVV), as well as names, postal addresses, and email addresses.
https://www.theregister.co.uk/2017/11/27/bulletproof_coffee_hacked/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
