IT Security News Blast 12-13-2017

AIG Revamps Cyber Attack System
Firms are to be ranked on the degree to which a cyber attack may occur and affect businesses as well as possible costs involved. Recently, there have been many reports where hackers are increasingly targeting firms’ technology systems that are raising many concerns over the amount of cyber coverage available.


Researchers expose Russian cyber bank robbers who stole over $10M
The bad actors stole from its first U.S. bank in May 2016 by gaining access to its network operator portal for First Data’s STAR debit payment network – an attack that was repeated against another bank in early 2017. By gaining access to STAR, the attackers were able to remove or increase cash withdrawal limits and remove overdraft limits on debit cards they had previously opened or bought. Using these same cards, money mules subsequently withdrew large amounts of money from multiple ATMs.


Financial industry groups suggest principles for cyber penetration testing framework
Leading global financial industry groups on Monday released principles for developing a commonly accepted framework for cybersecurity penetration testing, while proposing an ongoing dialogue between industry and regulators. The Global Financial Markets Association, which includes the Asia Securities Industry and Financial Markets Association, the Securities Industry and Financial Markets Association, and the Association for Financial Markets in Europe, published a set of principles to be followed during the creation of this type of framework[.]


New York is First State to Adopt Comprehensive Cybersecurity Regulations
Notable among the new requirements under the New York regulation is that all covered entities are responsible for retaining a “chief information security officer” (CISO) to implement and oversee the company’s cybersecurity program. This individual is responsible for maintaining compliance with the regulation for the company. The individual could be an employee or outside contractor.


Cyber Security Is a Serious Problem for Physicians: Survey
More than four in five US physicians (83%) have experienced some form of a cyber attack, according to new research released today by the American Medical Association (AMA) and Accenture. […] The findings show the most common type of cyber attack was phishing — cited by 55% of physicians who experienced an attack — followed by computer viruses (48%). Physicians from medium and large practices were twice as likely as those in small practices to experience these types of attacks.


Infectious Email Is The Top Cyber Threat To Healthcare Providers: Study
Healthcare providers, the holders of some of the most sensitive possible data on consumers, rank email as their worst cyber security threat, according to a study from Mimecast Ltd., conducted by HIMSS Analytics. […] Next are laptops and other portable electronic devices, followed by paper/films and electronic medical records. Desktops rank near the bottom, and network servers are last.


Public sector cyber security needs to fight back
Public sector organisations across every service stand to lose valuable data which is vulnerable to criminals. This can range from high-value research from universities to patient records and even sensitive information shared by government officials. So why is the public sector struggling to prevent cyber-attacks? Budget constraints are universal across all public sector services, and IT managers are increasingly finding themselves tasked to do more with less. As a result, basic security hygiene has always been an Achilles heel for public sector organisations.


To fend off hackers, local governments get help from states
Washington state started offering local governments independent audits of their cyber defenses three years ago. The reviews by contractors and state auditors and IT security specialists assess a system’s vulnerabilities, perform technical tests to see if it can be penetrated, and recommend improvements. The audits take six months to two years and cost the state $150,000 to $300,000 each.


Kaspersky dragged into US govt’s trashcan as weaponized blockchain agile devops mulled
The Kaspersky ban is just one of “cyberspace-related matters” in Section C of the act. Section 1646 calls for “a description of potential offensive and defensive cyber applications of blockchain technology and other distributed database technologies” along with “an assessment of efforts by foreign powers, extremist organizations, and criminal networks to utilize such technologies.”


Trump ‘strongly’ objects to cyber provision in defense bill
The provision in question requires the administration to set forth a national cyber policy that addresses the use of offensive cyber capabilities to respond to attacks in cyberspace. […] Trump argued in the statement released by the White House that the provision amounts to Congress holding “hostage” his ability to communicate on national security strategy going forward, saying the provision “threatens to undermine the effective operation of the Executive Office of the President.”


Cyber operations Airmen ‘Hacks the Air Force’
Hack the Air Force 2.0 is a continuation of the Hack the Air Force event held in June 2017. Initiated by the Defense Digital Service, the event is a by-invitation opportunity for computer experts outside the Air Force to assist in strengthening the service’s defensive cyber posture, by discovering and reporting vulnerabilities in Air Force websites.


Iran’s Cyber Warfare Program Is Now a Major Threat to the United States
It emerged as a cyber threat a few years later than Russia and China and has so far demonstrated less skill. Nevertheless, it has conducted several highly damaging cyberattacks and become a major threat that will only get worse. Like Russia and China, the history of Iran’s cyberspace operations begins with its hackers. But unlike these other countries, Iran openly encourages its hackers to launch cyberattacks against its enemies. The government not only recruits hackers into its cyber forces but supports their independent operations.


Sens. Wyden and Paul criticize US spying program
Wyden argued the bill should solely be used for foreign intelligence collection. He said that American citizens will inevitably be spied on. “As telecommunications systems increasingly are globally integrated, more and more law-abiding Americans are going to be swept up in the searches,” he said. […] Paul echoed Wyden’s argument, saying “we should not give up on the constitution.” He said the government is “absolutely” using FISA section 702 for domestic spying.


DHS assisting with election security in Alabama
“We’ve been working with them on game-day planning for quite some time now,” Krebs said of Alabama’s election, saying the playbook is similar to what the department did with recent gubernatorial elections in November. The agency’s efforts on securing elections are threefold, he said. “First is information-sharing, second is technical support and third is incident response.”


Ex-Spy Chief: Russia’s Election Hacking Was An ‘Intelligence Failure’
President Trump has taken to publicly bashing his intelligence agencies and continues, a full year later, to question their conclusion that Russia intervened in the 2016 U.S. election on his behalf. For their part, an array of career spooks have come out of the shadows where they spent their careers to challenge the commander-in-chief in once unthinkably public terms. […] But in a revealingly self-critical and at times surprising interview for this week’s Global POLITICO, Morell acknowledges that he and other spy-world critics of the president failed to fully “think through” the negative backlash generated by their going political. “There was a significant downside,” Morell said in the interview.


Voting machines without safeguards
Having worked at IBM for long, Barbara Simons (76) is among the pioneers in computer science. When, therefore, she began saying that electronic voting was not safe, people took her to be a ‘crank’.  […] But the election of Donald Trump in 2016 as the US President and the cloud cast by allegations of Russian interference in the electoral process, has overnight changed the usually cold reception that Simons was used to from public officials and citizens alike. People are now more curious to hear her and more willing to accept that she may actually be talking sense.


Jailed hacker claims Russia’s secret service ordered him to break into Democratic Party computers during US election
He admits to hacking servers belonging to Hillary Clinton and the Democratic Party in the US and in court papers to targeting an IP address believed to be located in the Westminster area of London. Kozlovsky – seen in a video being detained by the FSB in June 2016 – alleges he was recruited by the secret services agency and given a remit to hack foreign countries for the Moscow authorities.


Ajit Pai offers no data for latest claim that net neutrality hurt small ISPs
But Pai’s announcement offered no data to support this assertion. So advocacy group Free Press looked at the FCC’s broadband deployment data for these companies and found that four of them had expanded into new territory. The fifth didn’t expand into new areas but it did start offering gigabit Internet service. These expansions happened after the FCC imposed its Title II net neutrality rules. (Title II is the statute that the FCC uses to enforce net neutrality rules and regulate common carriers.)


How Reddit and others “broke the Internet” to support net neutrality today
Congress could reverse the FCC’s decision or impose a new set of net neutrality rules, although that doesn’t seem likely given the sizable Republican majorities in the House and Senate. While the issue may ultimately be decided in court, net neutrality supporters clearly won’t let members of Congress make it through this week without hearing from them.


Vulnerability Found in Two Keyless Entry Locks
Impacted are two AMAG Technology Symmetry IP-based access door controllers used in keyless door models EN-1DBC and EN-2DBC. Researchers say if the devices are deployed with default configurations, attackers could abuse the systems by sending unauthenticated requests to door controllers via serial communication over TCP/IP.


Emotet Info-stealer Returns, with New Tactics
In the analyzed sample, a Microsoft Word document contains a malicious macro that was developed to download Emotet, which then searches the targeted system for sensitive information that will be exfiltrated to the command and control (C2) servers under the attackers’ control.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.