IT Security News Blast 12-05-2017

Internet of Things

US banks prepare cyberattack contingency plan
Dubbed Sheltered Harbor, the project involves the participation of various banks and credit unions that have about 400 million accounts in the US. Members of the Sheltered Harbor project are required to individually back up data so that it can be used by other member firms to serve customers in the event of a debilitating data breach.
http://www.insurancebusinessmag.com/us/news/cyber/us-banks-prepare-cyberattack-contingency-plan-86749.aspx

 

Ignorance Of Cyber Threat Creates Conundrum For Small Business Data Security
· 60 percent of SMBs said they don’t follow PCI DSS or HIPAA rules when storing customer credit card and banking information
· 54 percent of SMBs that store medical data in the cloud admit they don’t follow storage industry regulations
· 25 percent of small firms have consumer data that is susceptible to an attack on their business network
· 82 percent of small businesses told Insureon they don’t feel they’re at risk for a cyberattack or data breach
https://www.pymnts.com/news/b2b-payments/2017/smb-cybersecurity-data-digest/

 

Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Harit discovered that a simple $7 hardware device could interface with the IV infusion pump, read its configuration data, and understand which access point it was seeking to connect to. As a result, he established a fake access point, connected with the IV pump, and then collected sensitive medical data on an individual that included a master drug list and quantity of drugs to be taken.
https://www.darkreading.com/mobile/hacked-iv-pumps-and-digital-smart-pens-can-lead-to-data-breaches/d/d-id/1330536

 

How an Ohio Hospital Avoided a Widespread Ransomware Attack
Organizations of all sizes need to be aware of the potential threats and be willing to invest in options that will help keep sensitive data secure. Ohio-based Wood County Hospital averted a potentially widespread ransomware attack by detecting the issue with the help of its managed security services provider (MSSP) two weeks before it surfaced.
https://healthitsecurity.com/news/how-an-ohio-hospital-avoided-a-widespread-ransomware-attack

 

PayPal’s TIO Networks breach affects millions of customers
In July this year, the online payment giant PayPal announced buying Canadian bill payment management company TIO Networks for $233 million (€196m) in cash. But now the company has revealed that TIO Networks have suffered a massive data breach in which personal information of 1.6 million customers has been stolen.
https://www.hackread.com/paypals-tio-networks-breach-affects-millions-of-customers/

 

Cities Would Be Smart to Deploy Strong Cyber Security Measures as They Build More Connected Infrastructures
The expected benefits of smart city solutions include cost savings from operational efficiencies; optimizing use of resources; improved government services and interaction for citizens; better stream of data to improve decision-making; and the opportunity to attract technology-savvy workers and businesses. As is the case with their constituents, government officials are most concerned about funding and cyber security.
https://securityboulevard.com/2017/12/cities-would-be-smart-to-deploy-strong-cyber-security-measures-as-they-build-more-connected-infrastructures/

 

Venezuela looks to cyber currency to circumvent US financial sanctions
The leftist leader offered few specifics about the currency launch or how the struggling OPEC member would pull off such a feat, but he declared to cheers that “the 21st century has arrived!” “Venezuela will create a cryptocurrency,” backed by oil, gas, gold and diamond reserves, Maduro said in his regular Sunday televised broadcast, a five-hour showcase of Christmas songs and dancing.
https://www.pri.org/stories/2017-12-04/venezuela-looks-cyber-currency-circumvent-us-financial-sanctions

 

Critical Infrastructure: Fear the Consequences, Not the Security Solutions
[It] is an important exercise to consider the commonalities that CI sectors share with enterprises to show what must be done to improve CI cybersecurity. […] For those organizations that don’t have the internal expertise or need assistance figuring out how to prioritize security spend based on risk, getting help by a qualified third-party organization can help to lay out a roadmap for evolving the security program and regularly test your security risk and response readiness.
https://www.infosecurity-magazine.com/opinions/critical-infrastructure-security/

 

The Rising Dangers of Unsecured IoT Technology
Earlier this year, the Food and Drug Administration (FDA) recalled 450,000 pacemakers that are currently in use by patients out of fear that these devices could be compromised. […] While this is perhaps one of the most potentially life-threatening examples of unsecured Internet of Things (IoT) security, it drives home the point that manufacturers are not building these devices with security as a priority. As IoT devices grow in popularity, seemingly endless security- and privacy-related concerns are surfacing.
https://www.darkreading.com/mobile/the-rising-dangers-of-unsecured-iot-technology--/a/d-id/1330518

 

State Dept insists cyber a priority despite office closure
Secretary of State Rex Tillerson notified Congress in August of the department’s decision to shutter the cybersecurity coordinator’s office, an entity responsible for engaging with other countries on cyber policy. It is being folded into a bureau focused on economic affairs as part of a broader agency redesign.
http://thehill.com/policy/cybersecurity/363116-state-dept-insists-cyber-still-a-priority-despite-office-closure

 

Federal government to propose new cybersecurity-related bill this winter
One of the provisions of Bill C-59 is the enhancement of the Communications Security Establishment (CSE), allowing the agency to conduct cyberattacks against foreign hostile actors looking to compromise Canada’s infrastructure from abroad.
http://www.insurancebusinessmag.com/ca/news/cyber/federal-government-to-propose-new-cybersecurityrelated-bill-this-winter-86767.aspx

 

China Think Tank Calls for ‘Democratic’ Internet Governance
“We should promote the establishment of a multinational, democratic and transparent global internet governance system,” it said. For the third straight year, independent U.S. rights watchdog Freedom House ranked China last in internet freedom this year, however. China’s internet governance initiatives include strict new censorship and surveillance curbs introduced this year that target news outlets, social media and individuals on the net.
https://www.usnews.com/news/technology/articles/2017-12-04/china-think-tank-calls-for-democratic-internet-governance

 

Blogger Sentence Shows Vietnam Fed Up With Criticism Over Graft, Inefficiency
Vietnam’s 10-year sentence for a blogger who questioned her government’s response to a toxic chemical flap joins a pack of actions that point to growing official impatience with online criticism of graft and perceived inefficiency. […] “I think that the government wants to scare other bloggers. If they continue blogging against the government, they have to pay a very heavy price.”
https://www.voanews.com/a/vietnam-cracksdown-on-criticism-of-graft/4148080.html

 

FCC won’t delay vote, says net neutrality supporters are “desperate”
The Federal Communications Commission will move ahead with its vote to kill net neutrality rules next week despite an unresolved court case that could strip away even more consumer protections. FCC Chairman Ajit Pai says that net neutrality rules aren’t needed because the Federal Trade Commission can protect consumers from broadband providers. But a pending court case involving AT&T could strip the FTC of its regulatory authority over AT&T and similar ISPs.
https://arstechnica.com/tech-policy/2017/12/fcc-chair-refuses-to-delay-net-neutrality-vote-despite-pending-court-case/

 

Democrat asks why FCC is hiding ISPs’ answers to net neutrality complaints
The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs and for the ISPs’ responses to those complaints. The FCC initially stalled in releasing all of the complaints, saying it would be too “burdensome” for FCC staff.
https://arstechnica.com/tech-policy/2017/12/fcc-still-withholding-isps-responses-to-net-neutrality-complaints/

 

Google Cracks Down On Nosy Android Apps
“Apps handling personal user data (such as user phone number or email), or device data will be required to prompt users and to provide their own privacy policy in the app. Additionally, if an app collects and transmits personal data unrelated to the functionality of the app then, prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use[.]”
https://threatpost.com/google-cracks-down-on-nosy-android-apps/129081/

 

Smile, you’re on hidden webcam Airbnb TV!
Recent stories of breaking Airbnb’s “no spying” rules include that of the Airbnb host in Florida who said Hey, no, no, I installed that webcam in the bedroom and pointed it at the bed to record sex parties with the consent of those involved. He turned the cameras off when his apartment was being rented out, he claimed. Is that so?! Well, surprise, surprise: when police seized two smoke detectors with hidden cameras, computers, SD cards and anything else that could store data, they found footage of Airbnb guests.
https://nakedsecurity.sophos.com/2017/12/04/smile-youre-on-hidden-webcam-airbnb-tv/

 

The Emotional Burden of Being Hacked
The anxiety and trauma around these breaches are only exacerbated by the lack of legal process we have to handle them: a report by security firm Norton in 2010 revealed victims feel “powerless” because it seems unlikely online criminals will be brought to justice, though the top reactions were anger (58 percent), annoyance (51 percent), and the feeling of being “cheated” (40 percent).
https://motherboard.vice.com/en_us/article/8xm4mv/the-emotional-burden-of-being-hacked-stressweek2017

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.