IT Security News Blast 12-04-2017

Super Charging Healthcare Cybersecurity

As data vulnerabilities escalate, healthcare organizations need to supercharge security efforts
For healthcare organizations to achieve their core values of serving their patients better and implementing their strategic priorities, it is imperative that they take back control of their data from their vendors. Healthcare organizations need to be in a position to dictate to the vendors how data needs to be managed if they want their business.
http://www.healthcareitnews.com/news/data-vulnerabilities-escalate-healthcare-organizations-need-supercharge-security-efforts

 

Organizations Look to De-Risk by Exiting Relationships with High Risk Third Party Vendors
53 percent of organizations surveyed are likely to exit or change (de-risk) relationships with some vendors due to heightened risk levels. The reason cited most often was fourth-party risk issues and an inability to resolve them. That’s according to the annual Vendor Risk Management Benchmark Study by global consulting firm Protiviti and the Shared Assessments Program’s.
http://www.cpapracticeadvisor.com/news/12384616/organizations-look-to-de-risk-by-exiting-relationships-with-high-risk-third-party-vendors

 

Future-proofing security: Protecting against the new arsenal of weaponized malware
There are bound to be those in healthcare tempted to think artificial intelligence and machine learning will at some point come to the rescue, ferret out any would-be-attackers and then promptly and autonomously end the incident. Don’t fall into that trap but do understand the potential emerging technologies bring.
http://www.healthcareitnews.com/news/future-proofing-security-protecting-against-new-arsenal-weaponized-malware

 

Banks Build Line of Defense for Doomsday Cyberattack
U.S. banks have quietly launched a doomsday project they hope will prevent a run on the financial system should one of them suffer a debilitating cyberattack. The effort, which went live earlier this year and is dubbed Sheltered Harbor, currently includes banks and credit unions that have roughly 400 million U.S. accounts. The effort requires member firms to individually back up data so it can be used by other firms to serve customers of a disabled bank.
https://www.wsj.com/articles/banks-build-line-of-defense-for-doomsday-cyberattack-1512302401

 

UK spying fears spark Russian software ban
In a letter to the top officials of all government departments seen by the Financial Times, the National Cyber Security Centre (NCSC), a branch of Britain’s eavesdropping service GCHQ, warned that Kaspersky’s popular antivirus software posed a risk as Russia ramps up a campaign of espionage and disruption against western states.
https://www.ft.com/content/d323c458-d6a4-11e7-8c9a-d9c0a5c8d5c9

 

When Terrorists Learn How to Hack
Pro-ISIS hackers commonly resort to website defacement, particularly targeting government and media sites so that the group’s propaganda can coopt their audiences. […] Success in targeting critical infrastructure is not impossible, however, as the 2015 and 2016 attacks on the Ukrainian power grid shows, and this trend could grow with automated hacking capabilities.
https://www.thecipherbrief.com/article/tech/terrorists-learn-hack

 

Ex-NSA Hackers Worry China And Russia Will Try to Arrest Them
In light of this latest round of indictments against foreign hackers some ex-NSA hackers are starting to worry they might get the same treatment from China or Russia in the future. “It’s not a question of if, it’s just a question of when and how bad,” Jake Williams, a cybersecurity consultant who used to work at the NSA’s elite hacking unit Tailored Access Operations (TAO), told Motherboard in a phone call. “What goes around comes around.”
https://motherboard.vice.com/en_us/article/a3jzke/ex-nsa-hackers-worry-china-and-russia-will-try-to-arrest-them

 

NATO, in front of a cyberwar with the fictitious Stellaia
The military exercise intended to test resistance to a attack of high intensity, sponsored by an imaginary state, of name Stellaia, which controls an ethnic minority in Tytan and that uses all means at its disposal to gain influence. A situation easily comparable to that seen by NATO in its closest neighborhood, with Russia interfering with Ukraine’s stability. The organization recorded an average of 500 monthly incidents in 2016 and believes that majority are supported by a state
http://www.turkeytelegraph.com/world/nato-in-front-of-a-cyberwar-with-the-fictitious-stellaia-h14113.html

 

Security finally got the awareness it needed in 2017. Now what?
Security advocates finally seem to have the public’s attention, and the hope is that people — including lawmakers — will take their advice more seriously. Over the last year, Congress has held hearings on major breaches, proposed bills to help shore up shoddy security for the internet of things, and investigated foreign hacking related to the 2016 presidential election. It’s a good start, but security researchers hope the new awareness isn’t just a phase.
https://www.cnet.com/news/security-awareness-finally-in-2017-now-what/

 

Leaked DHS memo accused drone maker DJI of spying for China
The bulletin (pdf), written in August by the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE), was leaked last week. In it, SIP Los Angeles claims to have “moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government.” It has “high confidence” that DJI “is selectively targeting government and privately-owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.”
https://www.csoonline.com/article/3239726/security/leaked-dhs-memo-accused-drone-maker-dji-of-spying-for-china.html

 

Expert gives Congress solution to vote machine cyber-security fears: Keep a paper backup
Among Blaze’s recommendations is that rather than rely on purely electronic voting machines to log votes, officials use optical scan machines that retain a paper copy of each voter’s ballot that can be consulted if anyone grows concerned about counting errors or tampering. In other words, due to the fact that everything has bugs and flaws, truly paperless voting systems should be a no-no.
https://www.theregister.co.uk/2017/12/01/us_voting_machine_security_hearing/

 

Fake news and botnets: how Russia weaponised the web
Rastorguev said that one of the most effective weapons in modern conflict was information – or more accurately, disinformation, like the fake news and social media posts that US audiences have been reading since last year’s presidential election, or the stories that whipped Estonian protesters into a frenzy in 2007. […] Since then, Russia has only developed, and codified, these strategies.
https://www.theguardian.com/technology/2017/dec/02/fake-news-botnets-how-russia-weaponised-the-web-cyber-attack-estonia

 

Net neutrality activists just took over Reddit with protest posts
If you visit the reddit.com home page today expecting to see the usual mix of news stories and entertaining cat memes, you’re likely to see something very different: a wall of posts naming and shaming members of Congress—mostly Republicans—who have taken money from the telecommunications industry. […] The campaign is likely to be particularly effective because each post is hosted in a subreddit for the state where the member of Congress serves.
https://arstechnica.com/tech-policy/2017/12/net-neutrality-activists-just-took-over-reddit-with-protest-posts/

 

Senate bill introduced that would require jail time for data breach cover ups
The Data Security and Breach Notification Act was introduced by Sens. Bill Nelson, D-FL., Richard Blumenthal, D-CT., and  Tammy Baldwin, D-WI., Nelson introduced similar legislation last year, will require quick notification of breaches and impose new penalties for the executive of any companies that withhold such information from the public. If the news of a breach is not released within 30 days the executives in charge could face up to five years in jail.
https://www.scmagazine.com/senate-bill-introduced-that-would-require-jail-time-for-data-breach-cover-ups/article/711319/

 

Apple iOS 11 security ‘downgrade’ decried as ‘horror show’
“Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left,” Alfonin explains in his post. “Everything (and I mean, everything) is now completely exposed. Local backups, the keychain, iCloud lock, Apple account password, cloud backups and photos, passwords from the iCloud Keychain, call logs, location data, browsing history, browser tabs and even the user’s original Apple ID password are quickly exposed.”
https://www.theregister.co.uk/2017/12/01/apple_ios_11_security_downgrade_decried_as_horror_show/

 

A Tricky PayPal Phishing Scam That Comes From Official PayPal Email
It starts with an email that informs users about a change in their “Billing Information,” and directs that in case they didn’t make the supposed change they need to click on a link hidden behind a URL shortener to verify that it’s not them. “If you did not make these changes or you believe an unauthorized person has accessed your account, you should change your password as soon as possible from your PayPal ID account page,” says the email.
https://www.hackread.com/a-tricky-paypal-phishing-scam-that-comes-from-official-paypal-email/

 

Siemens Patches Several Flaws in Teleprotection Devices
According to advisories published by both Siemens and ICS-CERT, medium severity vulnerabilities have been found in the EN100 Ethernet module used by SWT 3000 devices running IEC 61850 and TPOP firmware. The flaws can be exploited to bypass authentication to the web interface and perform administrative operations (CVE-2016-7112, CVE-2016-7114), and cause devices to enter a DoS condition by sending specially crafted packets (CVE-2016-7113).
http://www.securityweek.com/siemens-patches-several-flaws-teleprotection-devices

 

Cisco Patches Critical Playback Bugs in WebEx Players
“A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file,” according to Cisco. Cisco warned exploitation of the vulnerabilities could allow arbitrary code execution on a targeted system. In less severe cases, the vulnerabilities could cause players to crash.
https://threatpost.com/cisco-patches-critical-playback-bugs-in-webex-players/129057/

 

Warning: security vulnerabilities found in SD-WAN appliances
The micro-services running in SD-WAN appliances are often sourced from third-parties. They may come from well-known security vendors with well tested products, but could just as easily be open source components coded together by the vendor. Our findings showed that latter was common with 80 percent having known Common Vulnerabilities and Exposure (CVEs), some more than a decade old.
https://www.networkworld.com/article/3238725/sd-wan/warning-security-vulnerabilities-found-in-sd-wan-appliances.html

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.