IT Security News Blast 2-15-2017

It’s ‘Code Red’ as cyber-security pros gather
Cybersecurity threats are now a household worry, putting the thousands of professionals who flock to the annual RSA cybersecurity conference here in an unusually influential position. “The threat level is now Code Red,” said Avivah Litan, a security analyst with Gartner, a consulting company. Familiar threats, such as hacking by groups backed by governments, are not new, but they’ve become more severe in the last year. Plus there are new ones, such as the use of botnets to take down Internet service for an entire region.

Russian cyber attacks could happen here ahead of the next election, intelligence agencies warn
The intelligence experts are understood to have advised Australian politicians yesterday that once a pattern of behaviour into an attempt to disrupt or influence elections has been detected, it tends to be repeated. In the briefing, intelligence chiefs are understood to have advised Australian politicians how to minimise the threat of being exposed to espionage and cyber attack, and what protective measures can be taken.

Proper Planning Key To Pre-Empting Invisible Cyberattacks
Visibility across your environment, proper security design of networks and actionable threat intelligence are the keys to protecting your enterprise against “invisible” cyber attacks. This combined approach, the company reports, helps to avoid detection by whitelisting technologies, and leaves forensic investigators with almost no artifacts or malware samples to work with. The attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.

The Cyberattacks We Don’t Hear About But Should
No wonder then that customer privacy is on the minds of CEOs, according to “Now or Never,” Forbes Insights’ and KPMG’s CEO outlook. Eighty-two percent of CEOs are concerned that their company may be less worried about privacy than their customers are. […] “Such attacks can be very impactful on the ability to execute business strategy,” says Bell. “We’re seeing losses in billions of dollars. When unique intellectual property, the basis of competitive advantage, disappears overnight the outcomes can be disastrous.”

Change In Corporate Mindset Needed To Combat Cyber Attacks
Certain corporate boards and C-level executives think that because their company owns cyber insurance they don’t need to worry, observes Donald Good, Director of Global Legal Technology Solutions at Navigant. “Instead, they should be planning and thinking about the repercussions of a cyber breach and how it will hurt their bottom line,” Good recommends. […] Companies that lack a creditable cybersecurity strategy are playing a game of Russian roulette. According to Juniper Research, cybercrime will cost businesses $2.1 trillion globally by 2019, quadrupling the estimated cost of breaches in 2015. The average cost of a data breach will exceed $150 million by 2020, as more business infrastructure gets connected.

Why You Need to Get Familiar With Mike Tyson’s ‘Law of Cybersecurity’
Former pro boxer Mike Tyson had a wry sense of humor. “Everyone has a plan until they get punched in the mouth,” he once famously said. […] Post-breach bewilderment to be all too common among victims of cyberattacks, so much so that Ramzan has dubbed Tyson’s truism, tongue in cheek, “Tyson’s law of cybersecurity.” Ramzan shared his spin on the quote during a Tuesday morning keynote at the annual RSA security conference in San Francisco, which he previewed exclusively with Fortune.

Cybersecurity alliance promoting intel-sharing seeks to expand
The Cyber Threat Alliance, a group of security firms that often compete, says its efforts to share intelligence on the latest hacking threats have been paying off. […] The intelligence sharing between the vendors will also accelerate. Before it was done manually, and involved sharing 1,000 malware samples each day. But alliance members have built a platform that will now automate the information sharing in real-time.

Android Banking Trojan Marcher Infects Devices to Steal Payment Cards
Securify researchers explained about the malware: “Marcher is one of the few Android banking Trojans to use the AndroidProcesses library, which enables the application to obtain the name of the Android package that is currently running in the foreground. This library is used because it uses the only (publicly known) way to retrieve this information on Android 6 (using the process OOM score read from the /proc directory).”

New Mac malware pinned on same Russian group blamed for election hacks
APT28, the Russian hacking group tied to last year’s interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion, researchers from antivirus provider Bitdefender reported in a blog post published Tuesday. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.

IBM brings the power of Watson to cyber security
“The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next generation threats,” says Denis Kennelly, vice president of development and technology at IBM Security. “Our investments in Watson for Cyber Security have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime.”

Websites Can Now Track You Online Across Multiple Web Browsers
A team of researchers has recently developed a cross-browser fingerprinting technique — the first reliable technique to accurately track users across multiple browsers based on information like extensions, plugins, time zone and whether or not an ad blocker is installed. Previous fingerprinting methods usually only work across a single browser, but the new method uses operating system and hardware level features and works across multiple browsers. This new fingerprinting technique ties the digital fingerprint left behind by a Firefox browser to the fingerprint from a Chrome browser or Windows Edge running on the same device.

What could happen if you refuse to unlock your phone at the US border?
The most recent public document to date on this topic appears to be an August 2009 Department of Homeland Security paper entitled “Privacy Impact Assessment for the Border Searches of Electronic Devices.” That document states that “For CBP, the detention of devices ordinarily should not exceed five (5) days, unless extenuating circumstances exist.”

‘We need a new Geneva Convention to protect all citizens from snoops’
In a keynote at this year’s RSA USA Conference, Redmond’s president Brad Smith called on the technology industry to cooperate and form a “Digital Switzerland” for the world. That doesn’t mean fondue for all or caching Nazi gold, but rather that the tech industry needs to insist on being an impartial operator that shields its users from unwarranted state spying and attack. […] “We will not aid attacking customers anywhere, regardless of whether governments ask us to do so,” Smith told the RSA audience in San Francisco today. “We need to make the case that the world needs to retain its trust in technology; we need to maintain the world’s trust.”

PayPal users hit with “Payment Successfully Made Via Ali Express” Phishing Scam
Recently, some PayPal users (including myself) have received an email claiming that a payment of $450.0 USD has been made to lie.xyy from their PayPal account through AliExpress for iPhone 6S Black 32GB but in case the user did not make this payment and looking to resolve the issue they should click the link. […] The email address which is used by the scammers to carry this attack out is Upon clicking on the domain, users are redirected to (Time Warner Cable Central). The RoadRunner domain is owned and registered by Warner Bros. Entertainment Inc while TWCC domain is under Time Warner Inc.

Forget quantum and AI security hype, just write bug-free code, dammit
“I’m skeptical of AI on security,” said Ronald Rivest, MIT Institute professor and the ‘R’ in RSA. “Where we are seeing it becoming a wedge issue with the recent election is with AI bots in chat rooms. In 10 or 15 years you’ll be competing to find a real human in a sea of chat bots.” His former colleague at RSA, Adi Shamir, currently the Borman professor of computer science at the Weizmann Institute, was similarly skeptical about AI systems in security. Attempting to train such a device could lead to interesting problems.

Army’s Cyber Team Launches Career Management Program for Civilians
The U.S. Army has introduced a career management initiative that seeks to integrate civilians with the service branch’s cyber enterprise. The service branch’s cyber leaders launched the program in January after the Army initiated efforts to grow the cyber force within the military, the Army said Friday. The Army also plans to study the feasibility of a direct commissioning pilot program to recruit civilians for cyber units. The Defense Department “has now asked us to do a pilot program by service… looking at skill sets that we can bring on direct commissioning into the cyber career field,” said Brig. Gen. Patricia Frost, director of cyber for the Army’s G-3/5/7.

Signal Messaging App Rolls Out Encrypted Video Calling
The Signal app, which is widely considered the most secure of all other encrypted messaging apps, released a video calling feature on Tuesday for both Android and iOS in a new update. Developed by open source software group Open Whisper Systems, Signal is a free and open source messaging application specially designed for Android and iOS users to make secure and encrypted messages and voice calls. Even the Signal Protocol powers the end-to-end encryption built into WhatsApp, Facebook Messenger, and Google Allo’s Incognito mode as well.