IT Security News Blast 12-29-2017

Swiss Re chief urges governments to back cyber insurers
Christian Mumenthaler said governments around the world need to provide a backstop in case of huge attacks, much as they do for terror incidents. “You need the same here, otherwise the public market cannot really develop fully,” he told the Financial Times in an interview. At the moment, he said, governments are not willing to take on the risks: “At the current stage the appetite of governments to engage in such a dialogue is zero.”
https://www.ft.com/content/0212ad0e-e72d-11e7-8b99-0191e45377ec

 

Charities’ top worry revealed – and majority don’t have insurance
New research from the insurer, which protects more than 45,000 charities and not-for-profit organizations, found that 77% of charities polled named data loss as their biggest worry, followed secondly by the cost of putting things right, and thirdly by the costs incurred as a result of breaching data regulations and laws.
https://www.insurancebusinessmag.com/ca/news/cyber/charities-top-worry-revealed–and-majority-dont-have-insurance-87991.aspx

 

Rapid Growth in Security Market Raises Question: How to Pick a Startup
Before plunging into a contract to secure solutions or services from a cybersecurity startup, organizations should ask these five key questions:
· When did your organization receive its last funding round and did it come from existing investors?
· Who are your investors?
· Can you tell me about your management team and their experience in this industry and running a startup?
· How long has each of your management team members been with the company and did they replace someone?
· Can you provide me a customer list and tell me the last time you signed up a customer?
https://www.darkreading.com/mobile/rapid-growth-in-security-market-raises-question-how-to-pick-a-startup/d/d-id/1330638

 

Five Steps To Greater Cybersecurity In Health Care Organizations
Health care organizations can take several straightforward measures to preserve cybersecurity, but hospitals and health systems do not always follow these protocols. Unfortunately, some high-profile organizations have experienced data security lapses in which protected health information (PHI) has been exposed. Although no electronic system is completely impenetrable, here are five steps organizations can employ to help limit the likelihood of a breach[.]
https://www.forbes.com/sites/forbestechcouncil/2017/12/28/five-steps-to-greater-cybersecurity-in-health-care-organizations/#72accf8b4dba

 

Cyberattack forces New York State hospital to run on downtime procedures
A cyberattack disrupted computer systems at Jones Memorial Hospital (JMH) in Wellsville, N.Y. on Thursday, the Buffalo-area health care facility has announced on its website. While the hospital did not state the nature of the incident, the circumstances sound similar to previous ransomware attacks against health care providers. According to the hospital, patient financial or medical information did not appear to be compromised, but a “limited number of our information services” were rendered inoperable.
https://www.scmagazine.com/cyberattack-forces-new-york-state-hospital-to-run-on-downtime-procedures/article/733482/

 

Holiday IoT Gifts and Home Security – What You Need to Know
There are enough pros, cons, and security risks to each Internet of Things (IoT) toy to fill blog posts between now and next December, but today we’re going to give you some information to consider before you pair that new toy doll to your home wireless network or your phone, and it might encourage you to keep a gift receipt… So, in the spirit of the season, here’s to adding a little security and privacy into your new stash of connected devices!
https://criticalinformatics.com/resources/blog/holiday-iot-gifts-and-home-security-what-you-need-to-know/

 

Jailed Hacker Claims Proof He Breached DNC on Russia’s Orders
In an interview with a Russian television station made public Dec. 27, Kozlovsky reported more details on what he said was an operation led by the Russian intelligence agency FSB to hack the DNC. He claims he planted a string of numbers — his Russian passport and visa number to visit the island of St. Martin — in a generic .dat file. The idea was to give himself a safety net in case those who directed the attack turned on him, he claims.
https://www.darkreading.com/endpoint/jailed-hacker-claims-proof-he-breached-dnc-on-russias-orders/d/d-id/1330720

 

China lashes out at German ambassador over cyber security
He said requests for a “meaningful dialogue” about Chinese curbs on virtual private networks, which are used for encrypted communication and can evade Beijing’s web filters, have “regrettably not yet received a positive response.” “The remarks by the relevant ambassador are not constructive, and some of them are even wrong,” said a foreign ministry spokeswoman, Hua Chunying, at a regular briefing.
http://abcnews.go.com/International/wireStory/china-lashes-german-ambassador-cyber-security-52006525

 

Mueller Investigates Whether Trump Campaign Fed Voter Data To Russia Ops
Investigators have been looking into whether Russia provided the campaign with voter information stolen by Russian hackers from election databases in several states, and whether the Trump campaign helped Russia target its political ads to specific demographics and voting precincts.
https://crooksandliars.com/2017/12/mueller-looking-whether-trump-campaign-fed

 

US charges Romanians with hacking police cameras before Trump inauguration
“This case was of the highest priority due to its impact on the Secret Service’s protective mission and its potential effect on the security plan for the 2017 Presidential Inauguration,” the statement said. U.S. officials said the alleged conspiracy compromised the city police department’s camera computers between Jan. 9 and Jan. 12 but did not threaten anyone’s physical security. It did, however, store two ransomware variants called “cerber” and “dharma” on police computers, the statement said.
https://www.reuters.com/article/us-usa-cyber-romanians/us-charges-romanians-with-hacking-police-cameras-before-trump-inauguration-idUSKBN1EM1SU

 

People who know how the news is made resist conspiratorial thinking
News media literacy is the catch-all term for understanding how bias, unconscious or otherwise, influences the creation and consumption of news. This includes an awareness of the priorities of news organizations as businesses and the influence that ownership can have on the slant of news articles. But it also comes down to issues like recognizing that we bring our own biases in to the news we consume, allowing two people to come away from the same article with very different information.
https://arstechnica.com/science/2017/12/knowing-how-the-news-media-works-protects-people-from-conspiracy-theories/

 

New Jersey State Police spent $850,000 on Harris Corp. stingray devices
“The response to our OPRA request is really disappointing because it shed virtually no information on how Stingray technology is being used and New Jerseyans deserve to know,” LoCicero said. “This is really invasive and sweeping search tools that were developed for the military and now they’re being used in New Jersey and public needs to know more.”
https://www.scmagazine.com/850000-spent-on-harris-corp-stingrays-by-new-jersey-state-police/article/733485/

 

FCC tries to make Miami pirate radio station walk the plank
In September 2017, the FCC hit all three individuals with a joint fine of $144,344—the highest possible amount under current law. The targets of the investigation don’t seem particularly worried, though; as the FCC noted in a recent document, Harold Sido is still hosting the allegedly incriminating video on his Facebook page. And Radio Touche Douce still has its own webpage, where it provides contact info for its DJs, sells advertising space, and tells listeners that they can hear the station on “90.1 FM.”
https://arstechnica.com/tech-policy/2017/12/fcc-tries-to-make-miami-pirate-radio-station-walk-the-plank/

 

Code Used in Zero Day Huawei Router Attack Made Public
“The fact that the code is now in the open means that more threat actors would now be using it. We can assume that the exploit would become commodity, and IoT botnets that attempt at exploiting a large kit of vulnerabilities will be adding CVE-2017-17215 to their arsenal,” said Maya Horowitz, threat intelligence group manager, Check Point.
https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/

 

Unsecured At Any Speed: The Cyber Risks Of The Connected Car
I have never seen anyone pull into a parking space, get out of their car and leave their laptop, wallet, iPhone, social security card, list of most important passwords and their banking information on the hood before walking away. But as the era of the connected car begins, that may essentially start happening every day.
https://www.forbes.com/sites/forbestechcouncil/2017/12/28/unsecured-at-any-speed-the-cyber-risks-of-the-connected-car/#646527bc1431

 

Kernel Exploit for Sony PS4 Firmware 4.05 Released, Jailbreak Coming Soon
Developer SpecterDev finally released a fully-functional much-awaited kernel exploit for PlayStation 4 (firmware 4.05) today—almost two months after Team Fail0verflow revealed the technical details of it. Now available on Github, dubbed “namedobj,” the kernel exploit for the PlayStation 4 on 4.05FW allows users to run arbitrary code on the gaming console, enabling jailbreaking and kernel-level modifications to the system. Although PS4 kernel exploit does not include Jailbreak code, others can develop a full jailbreak exploit using it.
https://thehackernews.com/2017/12/ps4-jailbreak-kernel-exploit.html

 

Bose & Sonos Smart Speakers can be Hacked to Play Disturbing Sounds
Trend Micro’s research director Mark Nunnikhoven states that these smart speakers can be controlled just because of a ‘carelessly configured network’ or lack of appropriate security. “The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point anyone can go in and start controlling your speaker sounds.”
https://www.hackread.com/bose-sonos-smart-speakers-hacked-sounds/

 

John McAfee’s Twitter account hacked in cyber-security breach
The tech pioneer’s account was compromised and used to promote obscure crypto-currencies. But Mr McAfee insisted the breach did not reflect badly on his own company’s cyber-security credentials, saying: “I have no control over Twitter’s security.” Twitter has not commented on the claims but highlighted to the BBC security guidance offering two-stage authentication for its users.
https://www.standard.co.uk/news/techandgadgets/john-mcafees-twitter-account-hacked-in-cybersecurity-breach-a3727926.html

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.