IT Security News Blast 12-22-2017

Forces on Cybersecurity as Differentiator

4 Forces Accelerating InfoSec as a Competitive Differentiator
1. C-suites, Lawsuits and Gross Negligence
2. IoT Takeover and Weaponization
3. Increasing Regulatory Microscope on Third Parties
4. Creepy Ad Tracking vs GDPR
https://criticalinformatics.com/resources/blog/4-forces-accelerating-infosec-as-a-competitive-differentiator/

Russia’s Globex bank says hackers targeted its SWIFT computers
Sources familiar with last week’s attack on Globex said the bank had spotted the attack and been able to prevent the cyber criminals from stealing all the funds they had sought, according to a report in the Kommersant daily. The hackers only withdrew around $100,000, the report said.
https://www.reuters.com/article/us-russia-cyber-globex/russias-globex-bank-says-hackers-targeted-its-swift-computers-idUSKBN1EF294

Cybersecurity 2018 – The Year in Preview: Financial Institutions and the SEC
While the change in administration brought new leadership to the Commission, that group has made clear at every possible opportunity that combatting the cyber threat will be a top SEC priority in 2018 and beyond. For example, Enforcement Division co-director Steve Peikin, a former federal prosecutor and partner at Sullivan & Cromwell, referred to cyber attacks as the “greatest threat to our markets right now.”
http://www.securityprivacyandthelaw.com/2017/12/cybersecurity-2018-the-year-in-preview-financial-institutions-and-the-sec/

Sophisticated cyber threats and being ready for GDPR are major concerns for finance sector IT pros
Over half (52 per cent) also said that high profile cyber-attacks in the news prompt greater scrutiny on existing systems, and nearly a third (31 per cent) said they make everyone within the organisation fearful, hampering productivity. However, the research points towards a confidence in the sector, with 94 per cent of organisations considering themselves well-equipped to ward off cyber-attacks, yet a quarter still fear cyber threats becoming more sophisticated and harmful in 2018.
https://www.institutionalassetmanager.co.uk/2017/12/21/259617/sophisticated-cyber-threats-and-being-ready-gdpr-are-major-concerns-finance-sector

Protecting healthcare from cyber attack
Standardized cyber identity credentials are a form of code. Those compliant with the SAFE-BioPharma standard assure strong trust that the code has been issued following a detailed protocol that checks and confirms the individual’s actual identity. Once activated, the credential requires use of multi-factor authentication to be accepted by computer systems programmed to participate with the standard.
https://www.secureidnews.com/news-item/protecting-healthcare-cyber-attack/

Cyber insurer to cover bankrupt cancer clinic’s $2.3M HIPAA fine
OCR has repeatedly said that it doesn’t wish to put organizations out of business when issuing these fines, but privacy attorney Adam Greene of law firm Davis Wright Tremaine, who was not involved in the case, told Healthcare Info Security that “when things might be tough financially, OCR clearly still expects the organization to put significant resources into privacy and security.”
https://www.beckershospitalreview.com/cybersecurity/cyber-insurer-to-cover-bankrupt-cancer-clinic-s-2-3m-hipaa-fine.html

COLUMN-Commentary: Making sense of North Korea’s hacking strategy
While most fear a nuclear attack from North Korea, North Korea has consistently used cyber attacks as a distraction from its nuclear program. Since North Korea’s second nuclear test in May 2009, its cyber attacks have targeted South Korea’s critical networks every time there is a nuclear test. After its third test in February 2013, South Korean television stations and a bank suffered from the 3.20 Cyber Terror attack, known as DarkSeoul.
https://www.reuters.com/article/beyer-cyber/column-commentary-making-sense-of-north-koreas-hacking-strategy-idUSL1N1OL289

Russia’s Fancy Bear APT Group Gets More Dangerous
The group — also referred to as Sednit, APT28, and Sofacy — appears to have recently refurbished its primary malware tool, Xagent, and added new functionality to make it decidedly stealthier and harder to stop, security vendor ESET said in an advisory Thursday. […] Initial versions of the tool were designed to break into Windows and Linux systems. But it has been updated in the past two years to include support for iOS, Android, and, since the beginning of this year, OS X.
https://www.darkreading.com/attacks-breaches/russias-fancy-bear-apt-group-gets-more-dangerous/d/d-id/1330702

Chinese hackers go after think tanks in wave of more surgical strikes
The three hackers indicted in November of this year, all from the firm BoYu Information Technology Co., are an example of that trend, Myers said. The think tank attacks in October and November had all the hallmarks of a contractor operation. The attackers worked largely during Beijing business hours, used tried-and-true (and widely available) tools, and were highly focused in their attempts to extract data.
https://arstechnica.com/information-technology/2017/12/chinese-hackers-go-after-think-tanks-in-wave-of-more-surgical-strikes/

DHS plans to step up cyber agreements with private companies
According to a DHS cybersecurity official with direct knowledge of the developing policy, the department is looking to increase the use of proactive memorandums of agreement with Section 9 entities in advance of a specific incident. Voluntary agreements would pre-clear the department to provide incident response services, monitor networks when threat indicators pop up, block malicious traffic and deploy resources to assist those entities in the event of a cyberattack. The official requested anonymity in order to speak candidly.
https://fcw.com/articles/2017/12/21/section9-dhs-cyber-johnson.aspx

Microsoft bug CVE-2017-11882 exploited to deliver Loki information stealer
The vulnerability, CVE-2017-11882, is a memory corruption bug that was patched on Nov. 14, yet reportedly has already been leveraged in multiple in-the-wild attacks that deliver malware such as Cobalt, POWRUNER, BONDUPDATED, Pony/FAREIT, FormBook, ZBOT, and Ursnif.
https://www.scmagazine.com/microsoft-bug-cve-2017-11882-exploited-to-deliver-loki-information-stealer/article/720224/

Infosec controls relaxed a little after latest Wassenaar meeting
So what? According to this commentary published at The Hill, by Luta Security’s Katie Moussouris (a participant in the talks as a vulnerability expert), it’s important, because “the specific cross-border sharing activities around vulnerability disclosure and security incident response are exempt from requiring export control licenses as dictated by Wassenaar.”
https://www.theregister.co.uk/2017/12/21/infosec_controls_relaxed_a_little_after_latest_wassenaar_meeting/

How to Create the Unhackable Computer
The Defense Advanced Research Projects Agency (DARPA) has put $3.6 million toward a university project that aspires to build an impenetrable computer. “We are making the computer an unsolvable puzzle,” said Todd Austin, the University of Michigan computer science and engineering professor who heads MORPHEUS, the name of the endeavor. “It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it.”
http://www.hcanews.com/news/how-to-create-the-unhackable-computer

The dirty dozen: 12 top cloud security threats for 2018
Contrary to what many might think, the main responsibility for protecting corporate data in the cloud lies not with the service provider but with the cloud customer. “We are in a cloud security transition period in which focus is shifting from the provider to the customer,” Heiser says. “Enterprises are learning that huge amounts of time spent trying to figure out if any particular cloud service provider is ‘secure’ or not has virtually no payback.”
https://www.csoonline.com/article/3043030/security/12-top-cloud-security-threats-for-2018.html

Specially prepared photos shown bypassing Windows Hello facial recognition
Security researchers at a German security firm, SySS, have shown that the Windows Hello facial recognition can be tricked by using specially prepared printouts of photographs. Microsoft added an “enhanced anti-spoofing” mode in the Windows 10 Creators Update earlier this year that properly defeats the attack, but it’s neither enabled by default nor compatible with all Windows Hello hardware.
https://arstechnica.com/gadgets/2017/12/specially-prepared-photos-shown-bypassing-windows-hello-facial-recognition/

WordPress Captcha Plugin Contains Backdoor - 300,000 Websites at Risk
A warning has been issued by researchers disclosing the identification of a backdoor in yet another WordPress plugin called Captcha. This plugin already has nearly 300,000 installations, which shows how popular it is among the users. However, WordFence identified that a backdoor was added to it after an update was released on December 4. Hence, a warning was issued explaining that Captcha must be replaced with WordPress version 4.4.5 immediately.
https://www.hackread.com/wordpress-captcha-plugin-backdoor-risk/

Facial recognition at US airports becoming routine, researchers warn
“When American citizens travel by air, they should not have to choose between privacy and security,” he said. “The implementation of DHS facial scanning program for US citizens leaving the country raises a number of questions.” He urged DHS and airlines that participate in the expanding program to clearly inform “every American citizen that they have the right to opt out of facial scanning.”
https://arstechnica.com/tech-policy/2017/12/facial-recognition-at-us-airports-becoming-routine-researchers-warn/

EMC admin? Plug this hole before the holidays
It’s probably worth your time running the patch in, if you can, because as the advisory explained, it’s a memory overflow that could open a system to remote code execution (RCE). CVE-2017-14385 affects quite a few versions of the system: the Data Domain DD OS 5.7 family prior to 5.7.5.6; 6.0 versions prior to 6.0.2.9; 6.1 versions prior to 6.1.0.21; all versions of Data Domain Virtual Edition in 2.0, 3.0 prior to 3.0 SP2 Update 1, and 3.1 prior to 3.1 Update 2.
https://www.theregister.co.uk/2017/12/21/emc_admin_plug_this_hole_before_the_holidays/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.