IT Security News Blast 12-28-2017

IoT Holiday Threats

Holiday IoT Gifts and Home Security – What You Need to Know

There are enough pros, cons, and security risks to each Internet of Things (IoT) toy to fill blog posts between now and next December, but today we’re going to give you some information to consider before you pair that new toy doll to your home wireless network or your phone, and it might encourage you to keep a gift receipt… So, in the spirit of the season, here’s to adding a little security and privacy into your new stash of connected devices!

https://criticalinformatics.com/resources/blog/holiday-iot-gifts-and-home-security-what-you-need-to-know/

North Korea’s Got Talent And Other Cyber Security Challenges We Face In 2018

Cataclysmic security breaches pulverising businesses like Equifax and Uber have been a big feature of the last 12 months, along with evidence that hackers in states such as North Korea are targeting organisations in Europe and North America. In 2018 we can expect to see cyber-criminality of all kinds continue its exponential growth, affecting almost every organisation on the planet. How will we, or should we react? Here are some predictions for the next 12 months[.]

http://www.huffingtonpost.co.uk/entry/north-koreas-got-talent-and-other-cyber-security-challenges-we-face-in-2018_uk_5a3d12e8e4b06cd2bd03d9f2

Cyber Grinch Steals Nearly $600K From Dublin Zoo

The business email compromise scam intercepted legitimate supplier invoices sent to the zoo then manipulated data on the documents to change payment details and account numbers, requesting that funds be sent into a fraudulent account, according to reports.

https://www.pymnts.com/news/b2b-payments/2017/dublin-zoo-business-email-invoice-cybercrime/

Compulsory Cyber Security threatening shipping. More than hackers.

All those fake news and numerous “analysis” materials, their massive coverage by all media, including major, resemble bombardment of enemy lines before calling to general advance. Industry media itself, in numerous cyber security articles, hints at what lies ahead. Go to any major industry outlet, search for “cyber security”, and you’ll be lost in abundance of cyber security “analysis” materials. There’s no meaning in reading them in full, they’re useless for any practical or knowledgeable purpose, while just several extras are enough to get the main idea[.]

http://maritimebulletin.net/2017/12/27/compulsory-cyber-security-threatening-shipping-more-than-hackers/

Healthcare CISOs: Master these skills, delegate the rest

“What CISOs should do is what other executives do: Build a team of specialists, and seek outside expertise in the form of industry analysts, consulting and professional services, and managed security services, to provide the expertise the CISO needs as it arises,” he said. […] When it comes to staffing up, CISOs need to be keenly aware of their organization’s needs and shortcomings and of areas where they themselves need help.

http://www.healthcareitnews.com/news/healthcare-cisos-master-these-skills-delegate-rest

Crafting a Strong Healthcare Cybersecurity Action Plan

Smaller healthcare organizations, such as rural hospitals or single-physician practices can find it much more difficult to maintain HIPAA compliance, said AHIMA IG Advisors Senior Director Kathy Downing, MA, RHIA. “Often times, those smaller organizations can’t necessarily hire full-time staff to manage privacy and security,” Downing told HealthITSecurity.com. […] Larger organizations cannot always prevent hacks either, which shows how much more difficult it could be for the small facilities, she said.

https://healthitsecurity.com/news/crafting-a-strong-healthcare-cybersecurity-action-plan

Threat posed by evil nations and criminals in cyber-land is rising

Cyber-crime, censorship and espionage are on the rise. Cyber-espionage in our region has continued unabated and it’s now evident that several governments in Southeast Asia are conducting very sophisticated operations. Inequality is growing and the most cyber-advanced nations have moved further from the more cyber-vulnerable Pacific Islands.

http://www.theaustralian.com.au/opinion/threat-posed-by-evil-nations-and-criminals-in-cyberland-is-rising/news-story/fdebd93f3dc0206afe0705e6f6ec045c

Software used in FBI’s biometric database contains Russian code: Report

BuzzFeed published the report after two French whistleblowers who worked for Morpho spoke out and emphasized that authorities should be concerned about the presence of Russian code in a software since Papillon has close ties with several Kremlin security and intelligence agencies including KGB’s replacement Federal Security Service (FSB).

https://www.hackread.com/fbi-biometric-database-russian-software-code/

Study Reveals Small But Powerful Iran Cyber Threat

The disclosures about Iran’s cyberattacks are a reminder that America and its allies live in a dangerous electronic ecosystem. Russia’s hacking of the 2016 U.S. presidential campaign gets daily coverage, and China’s theft of American secrets has also been well-publicized. What gets too little attention are the less-sophisticated but still-toxic weapons available to dozens of smaller countries. The U.S., with its relatively open systems, can be an easy target.

https://www.realclearpolitics.com/articles/2017/12/27/study_reveals_small_but_powerful_iran_cyber_threat_135856.html

Chinese Hackers Target Servers With Three Types of Malware

The group is operating worldwide and has been observed launching multiple attacks over the past several months. Each of the three malware families employed – Hex, Hanako and Taylor – is targeting different SQL servers and has its own goals, scale and target services. […] The compromised machines were used for various activities, including cryptocurrency mining, distributed denial of service (DDoS), and for implanting Remote Access Trojans (RATs).

http://www.securityweek.com/chinese-hackers-target-servers-three-types-malware

2017 Was Marked by Continuity and Confusion in Cyber Policy

In many ways, continuity was the defining element of the Trump administration’s cybersecurity policy in 2017. On big picture items from raising U.S. government cyber defenses to punishing international cyber pariahs, the Trump team was in lockstep with their Obama administration predecessors. In other cases, including shuttering the State Department cyber office, though, the Trump administration blazed a new path.

http://www.nextgov.com/cybersecurity/2017/12/2017-was-marked-continuity-and-confusion-cyber-policy/144787/

Watch: NSA whistleblower Edward Snowden’s app turns your phone into a physical security system

“Haven turns any spare android phone into a safe room that fits in your pocket,” claims NSA whistleblower Edward Snowden, referring to the newly-launched app that he developed, backed by the Freedom of Press Foundation. In an age where our digital security is at more risk than our physical security, Snowden claims that Haven will change the game of cyber surveillance.

https://video.scroll.in/862821/watch-nsa-whistleblower-edward-snowdens-app-turns-your-phone-into-a-physical-security-system

Michael Morell and Mike Rogers: Russian cyber-threat remains

In a single week this month, Moscow used Kremlin-oriented accounts to discredit the FBI after it was revealed that an agent had been demoted for sending anti-Donald Trump texts; to attack ABC News for an erroneous report involving President Donald Trump and Michael Flynn, the former national security adviser; to critique the Obama administration for allegedly “green lighting” the communication between Flynn and then-Russian Ambassador Sergey Kislyak; and to warn about violence by immigrants after a jury acquitted an undocumented Mexican accused of murdering a San Francisco woman.

http://www.omaha.com/opinion/michael-morell-and-mike-rogers-russian-cyber-threat-remains/article_46e1a86a-9258-5b77-9543-e57f467cf98b.html

Ex-FBI agent warns that Russia hasn’t stopped cyber attacks — and the US is doing nothing about it

“The Kremlin playbook never stopped,” Watts explained. “For a non-election year, it’s about audience sustainment and infiltration… You pick an audience that you really want to cozy up to, and you just repeat what they say.” Watts said that what’s really scary is that governments from across the globe are looking at the way Russia is using social media to influence American politics and are employing those techniques on their own people.

https://www.rawstory.com/2017/12/ex-fbi-agent-warns-that-russia-hasnt-stopped-cyber-attacks-and-the-us-is-doing-nothing-about-it/

FCC levies $13.4M fine against Sinclair for violating programming rules

The Federal Communications Commission recently fined Sinclair Broadcast Group Inc. more than $13 million for failing to identify sponsored content that the broadcaster aired on its stations. […] The programming was broadcast more than 1,700 times, either as stories resembling independently generated news coverage that aired during the local news, or as longer-form stories aired as 30-minute television programs, according to FCC filings.

https://www.bizjournals.com/baltimore/news/2017/12/27/fcc-levies-13-4m-fine-against-sinclair-for.html

A look into the crystal ball: Cybersecurity predictions for 2018

“We expect more exploitation of information as a weapon for financial, political and other gains. As we’ve seen numerous times, including with Equifax this year, these breaches can have a huge reputational and financial impact. Cybersecurity professionals must be prepared to stay ahead of malicious actors to ensure they are not gaining entry to sensitive files and email communications,” concludes Ferrante.

http://www.securityinfowatch.com/article/12388178/a-look-into-the-crystal-ball-cybersecurity-predictions-for-2018

Driverless cars became a reality in 2017 and hardly anyone noticed

Until November, Waymo’s cars always had a safety driver behind the wheel when they were on public roads in Arizona. On November 7, Waymo announced that it was going to start testing cars without a safety driver. There would still be a “pull over” button, but if the software malfunctioned in a serious way, there likely wouldn’t be anyone able to grab the wheel quickly enough to prevent a crash.

https://arstechnica.com/cars/2017/12/driverless-cars-became-a-reality-in-2017-and-hardly-anyone-noticed/

Email scam using Xero invoice as bait detected

The target receives an email with a Word document attached that is labeled as an invoice that contains malicious macros. The fake invoice is well crafted and contains the target’s name along with an email address that appears to be from Xero, but is actually a domain recently registered in China. […] Xero is a commonly used software platform so the cybercriminals’ social engineering plan is banking on either the target having used the software at some point, or is at least familiar enough with it to become curious enough to open the attachment.

https://www.scmagazine.com/email-scam-using-xero-invoice-as-bait-detected/article/733183/

Ancestry.com’s RootsWeb breach: 300,000 plaintext accounts leaked

The data was discovered by Troy Hunt, founder of data breach notification website HaveIbeenPwned. Hunt did an analysis of the leaked data and reported that the breach took place in 2015, however, Ancestry.com was unaware of the incident. On the other hand, the company has confirmed the breach and wrote an in-depth blog post to explain what happened.

https://www.hackread.com/ancestry-rootsweb-breach-plaintext-accounts-leaked/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.