IT Security News Blast 12-06-2017

Critical Informatics Releases Continuous Vulnerability Identification (CVI), Automating Network Vulnerability Scans and Reporting
The service is operated from the company’s Critical Insight security monitoring platform, which keeps the technology footprint and installation as light as possible. […] CVI allows administrators to schedule scans as often as needed to identify emerging vulnerabilities, or execute scans on-demand following specific events, such as application updates. The configurable intervals between scans provide insight into vulnerability trends throughout the year, something that quarterly or annual scans may overlook.
http://www.businesswire.com/news/home/20171205005384/en/Critical-Informatics-Releases-Continuous-Vulnerability-Identification-CVI

 

U.K. Banks Aren’t Telling Regulators About All Cyber Attacks
“Our suspicion is that there’s currently a material under-reporting of successful cyber attacks,” Megan Butler, the FCA’s director of supervision, said in a speech Tuesday, according to a copy of her remarks on the regulator’s website. “The number of breaches relayed back to us looks modest when you set it against the number of attacks on the industry.”
https://www.bloomberg.com/news/articles/2017-12-05/u-k-banks-aren-t-telling-regulators-about-all-cyber-attacks

 

Changing Cybersecurity Regulations that Global Financial Services Firms Need to Know About
Globally operating financial services firms have to be aware of new cybersecurity regulations and how they affect their business in order to navigate data rules and remain compliant, especially as they conduct business across borders. Compliance is especially crucial as the punishments for noncompliance typically include large fines. Below are some of the most recent implemented or proposed cybersecurity regulations that will affect financial services firms.
https://www.csoonline.com/article/3239681/security/changing-cybersecurity-regulations-that-global-financial-services-firms-need-to-know-about.html

 

The best kept secret in cybersecurity is protecting U.S. banks against catastrophic attacks
· All participating institutions, on a regular basis, make a copy of the consumer’s account data in a standard format, which enables the restoration of accounts in the event of a major outage.
· The account data is archived in a secure data vault that is protected from alteration or deletion. The data will stay intact and accessible if needed — exactly as when it was archived.
· All participating institutions update their adherence reviews to ensure that the Sheltered Harbor standards are exercised consistently and in accordance with Sheltered Harbor specifications.
https://www.csoonline.com/article/3240014/backup-recovery/the-best-kept-secret-in-cybersecurity-is-protecting-us-banks-against-catastrophic-attacks.html

 

What to Consider Before Striking an EMR Contract
Hospitals also should use contracts to ensure ongoing training and support from their EMR partner. “Systems don’t last forever. An EMR purchased today may not even be supported 5 to 7 years from now,” he said. Even 5 years is “eons” in today’s technology landscape, according to Wood, and the clinicians tasked with using the system should be guaranteed ongoing training to stay abreast of updates and best practices.
http://www.hcanews.com/news/what-to-consider-before-striking-an-emr-contract

 

Active Cyber Defense Certainty Act: Should we ‘hack back’?
I’m a big fan of evolving our laws to bring them into a modern state when it comes to cybersecurity, but I feel this law will cause more harm than good. Allowing others to hack back without the proper oversight — which I feel is extremely lacking in the proposed bill — will create cyber vigilantes more than anything else. I also feel that this law can be abused by criminals, and it doesn’t leave us in any better state than we’re in now.
http://searchsecurity.techtarget.com/opinion/Active-Cyber-Defense-Certainty-Act-Should-we-hack-back

 

Army leaders launch program to recruit more cyber warriors
The service is implementing a new pilot program to directly commission civilians with technology and cybersecurity backgrounds as cyber operations officers who will provide support for the branch’s Cyber Mission Force teams. The effort signals the urgency within the Army to recruit more technology-savvy operators as cyber operations gain significance in the U.S. military.
http://thehill.com/policy/cybersecurity/363349-army-leaders-launch-program-to-recruit-more-cyber-warriors

 

When Routine Isn’t Enough: Why Military Cyber Commands Need Human Creativity
Routines are considered to be the oil that keeps government institutions running. In the academic literature, routines are defined as ‘‘an executable capability for repeated performance in some context that has been learned by an organization in response to selective pressures.” […] Repetition of an established organizational routine is likely to be insufficient when conducting military cyber operations. The command must foster an environment in which operators can depart from routine and nimbly adapt their actions to stay ahead of their adversaries.
https://warontherocks.com/2017/12/routine-isnt-enough-military-cyber-commands-need-human-creativity/

 

A popular virtual keyboard app leaks 31 million users’ personal data
Each record contains basic collected data, including the user’s full name, email addresses, and how many days the app was installed. Each record also included a user’s precise location, including their city and country. Other records are significantly more detailed. The app has a free version, which per its privacy policy collects more data than the paid version, which the company uses to monetize with advertising.
http://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/

 

Turns out Leakbase can keep a secret: It has shut down with zero info
Like LeakedSource, which was shuttered in January this year, Leakbase let customers buy data sourced from breaches. Hunt said luring customers to help them “use that data to disadvantage the victims of a breach” was always a high-risk model.
https://www.theregister.co.uk/2017/12/05/leakbase_closes/

 

Wi-Fi + Malware = Surveillance Dealers’ Answer To Spying On WhatsApp
Some are offering an astonishing array of features on top of the basic Wi-Fi attacks. Take Almenta, a firm based in Bulgaria, but whose operators, including CEO Ari Covitz, are Israeli. A brochure detailed one product, the WiNA-P, from which a range of attacks could be launched at a target. For instance, Almenta offered packages to deliver payloads on Android and iOS devices, promising “data extraction” for Facebook, WhatsApp, Telegram and Skype messages.
https://www.forbes.com/sites/thomasbrewster/2017/12/04/whatsapp-hacks-with-wifi-trojans-almenta-wispear-jenovice/#6420d1fc1be0

 

Russian agricultural watchdog suspects PepsiCo of cyber attack
Russian agricultural watchdog Rosselkhoznadzor suspects US’ PepsiCo of a hacking attack to get access to confidential information from the Russian authorities, the spokesperson of the regulator Yulia Melano told reporters. […] According to the agency, the representative of PepsiCo showed the document in the course of Rosselkhoznadzor’s meeting with Soyuzmoloko (Union of milk producers). PepsiCo denies this fact.
http://tass.com/economy/979118

 

‘Tech Won’t Run Itself’: Analyzing Cyber Security’s Talent Crisis
“Cyber security is growing 12 times faster than any other job market in the United States,” Rettas said. Yet, the “Task Force 7” host continued, saying there are 350,000 open related jobs in the U.S., with no talent to fill them. For the same reasons, there are a million vacant jobs worldwide. Rettas quoted additional statistics, saying that 2 million jobs are projected to be vacant by 2019 and 3.5 million by 2021.
https://www.cshub.com/news/%E2%80%98tech-won%E2%80%99t-run-itself%E2%80%99-analyzing-cyber-security%E2%80%99s

 

We Need to Secure Voting Machines. But from What?
First, how should we understand the election-security threat? As demonstrated by the 2016 U.S. presidential election, the pertinent security issues are immensely complex and wide-ranging. In order to develop a sensible framework, we must disentangle pure election-security issues from broader information operations or covert influence campaigns.
https://www.lawfareblog.com/we-need-secure-voting-machines-what

 

Mastermind behind sophisticated, massive botnet outs himself
In online discussions, Ar3s demonstrated expertise in malware development and the reverse-engineering of software. He also acted as a reputable guarantor of deals that were hashed out online. As it turned out, the ICQ number of the figure he used as one of his primary contact methods was registered in several whitehat discussion forums to one Sergey Jaretz.
https://arstechnica.com/tech-policy/2017/12/mastermind-behind-massive-botnet-tracked-down-by-sloppy-opsec/

 

Developers Targeted in ‘ParseDroid’ PoC Attack
Check Point’s PoC demonstrated how a malicious actor could create a malicious library that would be attractive to a developer targeted in an attack. First step, the bad actor uploads the bad code library to a public repository. Next, threat actors manipulate the ranking of their malicious library, increasing the odds the targeted developer will use its malicious library as part of an application under their development.
https://threatpost.com/developers-targets-in-parsedroid-poc-attack/129088/

 

Google prepares 47 Android bug fixes, ten of them rated Critical
Among the critical bugs in the Android Security Bulletin, five concern the media framework, one is system-level, four hit Qualcomm components. The worst, Google said, is one of the media framework bugs, not yet fully disclosed, but it “could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process”.
https://www.theregister.co.uk/2017/12/05/android_december_security_bulletin/

 

Authorities dismantle Andromeda Botnet that infected millions of devices
Andromeda was developed in September 2011, to infect computer systems of unsuspecting users, steal personal data and install additional malware on the device from 80 dangerous malware families. […] The operation to dismantle Andromeda was conducted by Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), the Luneburg Central Criminal Investigation Inspectorate in Germany and Federal Bureau of Investigation (FBI), revealed Europol.
https://www.hackread.com/authorities-dismantle-andromeda-botnet-that-infected-millions-of-devices/

 

Man hacks prison computers & alters records for pal’s early release
A 27-year-old man from Ann Arbor, Michigan hacked into the government computer system of Washtenaw County Jail and altered inmate records so his friend could be released early. But it all backfired on him when the prison staff detected changes in their record and prevented any prisoner from being released before time.
https://www.hackread.com/man-hacks-prison-computers-alter-records-for-pals-early-release/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.