IT Security News Blast 12-01-2017

Cyber Lawsuits on Uber

Lawsuits Pile Up on Uber
First, on Monday, the city of Chicago and Cook County filed a lawsuit asking the court to fine Uber $10,000 a day for each violation of a consumer’s privacy. The suit contends Uber took much too long to report the breach. Next, on Tuesday, Washington State Attorney General Bob Ferguson filed a consumer protection lawsuit against Uber, asking for penalties of up to $2,000 per violation. The lawsuit alleges that at least 10,888 Uber drivers in Washington were breached, so the lawsuit could result in millions of dollars of penalties.
https://www.darkreading.com/attacks-breaches/lawsuits-pile-up-on-uber/d/d-id/1330530

National Credit Federation unsecured AWS S3 bucket leaks credit, personal data
In what has become a familiar and troubling refrain, an unsecured Amazon Web Services S3 storage bucket that allows public access reportedly has leaked sensitive information, including credit card numbers, credit reports from the three major reporting agencies, bank account numbers and Social Security numbers. This time, the organization in the crosshairs is credit repair service National Credit Federation. The exposed data, a whopping 111 GB worth, allegedly affects tens of thousands of consumers.
https://www.scmagazine.com/national-credit-federation-unsecured-aws-s3-bucket-leaks-credit-personal-data/article/710743/

U.S. stock trading audit system delayed by hack fears
The CAT would store information on every U.S. stock and option trade order, execution, modification and cancellation, which make up about 58 billion records a day, as well as sensitive personal information, such as social security numbers, on all market participants. One worry is that the system does not, at present, identify who is trading.
https://www.reuters.com/article/us-usa-congress-stocks-data/u-s-stock-trading-audit-system-delayed-by-hack-fears-idUSKBN1DU361

Thwarting Cyber Attacks on Retirement Plans
Cyber crime can affect a retirement plan in a variety of ways, Merker and Kohlstrand observe, such as phishing and ransomware. Not only that, they observe, a breach of an employer’s data poses an additional risk for its retirement plans, since that exposes the plan to the threat of wire transfer fraud, which seeks to trick employees who work with the plan into releasing plan funds.
http://www.asppa-net.org/News/Article/ArticleID/9358

‘Open banking’ holds promise but cybersecurity fears loom for Canadian banks
“The high degree of financial and operational interconnectedness among financial institutions means that a successful cyber attack against a single institution or a key service provider could spread more widely within the financial system.” Meanwhile, various jurisdictions are pushing ahead with legislation that would see financial institutions become even more interconnected.
http://business.financialpost.com/news/fp-street/open-banking-holds-promise-but-cybersecurity-fears-loom-for-canadian-banks

House Asks HHS to Develop Health Care Cyber Risk Plan
A bill of materials (“BOM”) is a list of each component, including software components, and any known risks associated with a component of a piece of medical technology. The idea behind the request is that a BOM could potentially provide visibility on cybersecurity risks for health care organizations that use such technologies. Healthcare organizations, such as hospitals, may then use the BOM to assess and mitigate their own cybersecurity risks.
https://www.natlawreview.com/article/house-asks-hhs-to-develop-health-care-cyber-risk-plan

Security & privacy in the era of digital health
According to Accenture, “25 percent of patients impacted by healthcare provider data breaches between 2015 and 2019 — more than 6 million people — will subsequently become victims of medical identity theft. Sixteen percent of impacted patients—more than 4 million people—will be victimized and pay out-of-pocket costs totaling almost $56 billion over the next five years.”
http://www.healthcareitnews.com/blog/security-privacy-era-digital-health

Four ways state and local CIOs can boost cybersecurity
1. Get the basics right, then tackle IoT
2. Break down organizational silos
3. Reduce the number of tools
4. Create dedicated security roles
http://statescoop.com/four-ways-state-and-local-cios-can-boost-cybersecurity

NATO Plots Cyber Warfare Rules
The move signals that NATO is preparing to develop the ability to respond militarily to state-sponsored computer hackers. This could mean that NATO doctrine shifts from a defensive stance to a much more confrontational approach. The development comes after Western officials have pointed to the offensive cyber warfare capabilities of nation states such as Russia, China and North Korea.
http://www.silicon.co.uk/security/cyberwar/nato-cyber-warfare-rules-225475?inf_by=5a20ada5671db8b5078b4a20

‘Permanent AI attacks’ pushing world to WORLD WAR 3, warn military boffins
NATO generals made the chilling warning after an earth-shattering report highlighted 20 factors that could plunge the world’s most powerful nations into a devastating conflict. General Denis Mercier, NATO supreme allied commander, said the document showed a greater risk of a major war than when ISIS was at the height of its power in 2013. He pointed to the growing risks posed by cyber warfare before delivering the bombshell claim that Western powers were under “permanent attack”.
https://www.dailystar.co.uk/news/world-news/663652/nato-warning-ai-cyber-attacks-north-korea-russia

Incoming: A Model for Building a Civilian Reserve Cyber Corps
The Civil Reserve Air Fleet (CRAF) could serve as a model for the corps and ultimately help the U.S. government and the Defense Department shore up their shortfall of cyber resources. The CRAF program was initiated after the Berlin Airlift and falls under the Department of Transportation, which is responsible for developing plans for a national emergency preparedness program.
https://www.afcea.org/content/incoming-model-building-civilian-reserve-cyber-corps

House Intelligence Committee’s NSA Surveillance Bill Includes New Threats and Old
Thrown last-minute into a torrent of competing legislation, a new bill meant to expand the NSA’s broad surveillance powers is the most recent threat to American privacy. It increases who is subject to surveillance, allows warrantless search of American communications, expands how collected data can be used, and treats constitutional protections as voluntary. The bill is called the FISA Amendments Reauthorization Act of 2017[.]
https://www.eff.org/deeplinks/2017/11/house-intelligence-committees-nsa-surveillance-bill-includes-new-threats-and-old

The Surveillance Operative Lurking in the Living Room
In the grand scheme of things, the jump from audio to video is a marginal advancement in the gadgets’ ability to collect information. But for those thinking about following the products to their next frontier, this is a good opportunity to explore the relationship between service and surveillance and to take sober stock of the risks inherent with home assistant devices.
https://worldview.stratfor.com/article/surveillance-operative-lurking-living-room

Justices hear case that could reshape location privacy in the cellular age
But the government pointed to a 1979 Supreme Court ruling called Smith v. Maryland. In that case, the Supreme Court ruled that the government doesn’t need to get a warrant to obtain a customer’s dialing history because they are merely the business records of the phone company. […] Several justices seemed uncomfortable with the potentially Orwellian implications of this position.
https://arstechnica.com/tech-policy/2017/11/justices-hear-case-that-could-reshape-location-privacy-in-the-cellular-age/

FBI, DHS Warn of Hacker Mercenaries Funded by Nation-States
That’s one message the FBI wanted to send when it indicted two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service in March, Director Christopher Wray said. “We are seeing an emergence of that kind of collaboration which used to be two separate things—nation-state actors and criminal hackers,” Wray told the House Homeland Security Committee. “Now there’s this collusion, if you will.”
http://www.nextgov.com/cybersecurity/2017/11/fbi-dhs-warn-hacker-mercenaries-funded-nation-states/144203/

Cyber attacks are a symptom of Western weakness
In demonizing Hillary Clinton and stirring up fear over the migration of Hispanics, the Kremlin was able to exploit the prejudices and paranoia that Americans had allowed to govern their political debate. Had US elections retained some semblance of rationalism and focused on policy over personality and hysteria, they would not have been so surgically exploited.
http://www.arabnews.com/node/1201716/columns

Stop us if you’ve heard this one: Russian hacker thrown in US slammer for $59m bank fraud
Roman Valeryevich Seleznev, aka Track2, the 33-year-old son of a Russian MP, was sentenced after being convicted of one count each of racketeering and conspiracy to commit bank fraud. Though each charge carries a 168 month sentence, Seleznev will serve the terms concurrently along with a 27-year stretch he was given in April for separate fraud charges.
https://www.theregister.co.uk/2017/12/01/roman_seleznev_track2_jailed/

The Truth About Machine Learning In Cybersecurity: Defense
Unfortunately, machine learning will never be a silver bullet for cybersecurity compared to image recognition or natural language processing, two areas where machine learning is thriving. There will always be a person who tries to find issues in our systems and bypass them. Therefore, if we detect 90% of attacks today, new methods will be invented tomorrow. To make things worse, hackers could also use machine learning to carry out their nefarious endeavors.
https://www.forbes.com/sites/forbestechcouncil/2017/11/30/the-truth-about-machine-learning-in-cybersecurity-defense/#1a84282f6949

Security Recruiter Directory
The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.
https://www.csoonline.com/article/3013033/it-careers/security-recruiter-directory.html

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.