IT Security News Blast 6-1-2017

Kmart Payment Systems Infected With Malware

It’s unclear what point-of-sale (PoS) malware has been used in the attack, but the retailer has described it as “a new form of malware” and “undetectable by current antivirus systems.” The company’s investigation showed that names, addresses, social security numbers, dates of birth, email addresses and other personally identifiable information (PII) have not been compromised. Kmart believes the attackers may have only accessed payment card numbers.

 Providers beware: Consumers have low tolerance for cyberattacks

68% of U.S. consumers would consider leaving their healthcare provider if it was attacked by ransomware, a survey of 5,000 consumers by security firm Carbon Black shows. Roughly 7 in 10 consumers trust their healthcare providers and financial institutions to keep their data safe, while only about half trust retailers. At the same time, consumers believe individual organizations — and not security vendors, software companies or the government — bear the brunt of responsibility for protecting personal data.

 Plastic surgery patients face extortion in wake of clinic data breach

Thousands of private photos have been leaked by cybercriminals following the hack of a Lithuanian cosmetic surgery clinic. A hacking group, using the nickname “Tsar Team”, leaked images it claims came from the Grozio Chirurgija clinic servers. The group spaffed the data after the targeted health facility’s customers failed to meet extortionate payment demands. Local police say dozens of patients have come forward to report getting blackmailed.

 94% believe unsecured IoT devices could lead to ‘catastrophic’ cybersecurity attack

The report, jointly released by the Ponemon Institute and the Shared Assessments Program, was built on the responses of 553 individuals from various industries. The Internet of Things (IoT): A New Era of Third Party Risk takes a look at the concerns around third-party risks in IoT security, and what business leaders are doing to address it. […] One of the most surprising points was how many survey respondents expected to be the victim of an attack. Some 76% of those surveyed said that a DDoS attack resulting from an unsecured IoT device would be “likely to occur within the next two years,” the report said.

 2017: The Year of Big Shifts in Cybersecurity

Whether related to hacking incidents during the presidential election, a breach at a major U.S. corporation (or two) affecting millions of customers, or the inadvertent divulging of government secrets, cybersecurity is the hot topic of the year. Yet, so often these news stories focus on specific incidents rather than the cybersecurity landscape in general and how it might be evolving as a result.

 Higher ed stepping in to fill cybersecurity gaps

The federal government also supports the development of a cybersecurity workforce via grant funding. In January 2015, then-Vice President Joe Biden announced a $25 million grant from the U.S. Department of Energy’s National Nuclear Security Administration. Norfolk State University was one of the institutions awarded funds through the program to develop its cybersecurity program and increase diversity in the workforce. An online master’s program began that fall, and the school was recognized by the National Security Agency and the U.S. Department of Homeland Security as a National Center of Excellence in Information Assurance Education.

 With government cyber defense, sometimes it’s best to give up hope

To remain one step ahead, government agencies are turning to more advanced cyber deception technologies that include both decoy devices as well as realistic traffic generation. Such traffic generation includes data resembling user browsing sessions as well as encrypted protocol sessions that are extremely difficult to distinguish from real traffic, even for expert observers. Sophisticated cyber deception technology can also include false documents placed in low-impact servers that divert attackers from real servers and more sensitive information, or watermarked documents that can be used to track an adversary as they navigate in and out of the network.

 Cisco, IBM Team Up For Integrated Cybersecurity Products, Threat Intelligence And Managed Services Offerings

The two companies announced on Wednesday new IBM QRadar integrations with Cisco security offerings, including an agreement that Cisco will build two new applications for the IBM Security App Exchange for Cisco Firepower and Cisco Threat Grid. Cisco and IBM also announced the integration of the IBM Resilient Incident Response Platform with Cisco Threat Grid, an integration to be augmented with other offerings including IBM Watson for Cybersecurity and Threat Grid threat intelligence.

 New CAQ paper says CPAs are central to cybersecurity

The white paper also noted that with the new cybersecurity reporting framework from the American Institute of CPAs (AICPA), CPAs can provide new business services. The framework outlines how an accountant can use management’s description and evaluation of a company’s cybersecurity plan, as well as the CPA’s own opinion on those two factors to evaluate a company’s cybersecurity position.

 Democrats ask FBI to probe reported FCC cyberattack

In a letter to acting FBI Director Andrew McCabe sent Wednesday, the senators asked the bureau to “investigate the source” of the distributed denial-of-service (DDoS) attack. […] “This particular attack may have denied the American people the opportunity to contribute to what is supposed to be a fair and transparent process, which in turn may call into question the integrity of the FCC’s rulemaking proceedings,” they wrote.

 China’s New Cybersecurity Law Leaves Foreign Firms Guessing

The law — which was rubber-stamped by the country’s Parliament last year — is part of wide-ranging efforts by Beijing to manage the internet within China’s borders. […] And while Chinese officials say the new rules will help guard against cyberattacks and prevent terrorism, critics, many of them from businesses, have their concerns. Companies worry that parts of the new law, which takes effect on Thursday, will make their operations in China less secure or more expensive. In some cases, they argue, it could keep them out entirely.

 Technological change and cyber risk overtake regulation as top risks for insurers

The report raises concerns about the industry’s ability to address the formidable agenda of digitisation, new competition, consolidation and cost reduction it faces, especially because of rapidly emerging technologies which could transform insurance markets, such as driverless cars, the ‘internet of things’ and artificial intelligence. Cyber risk follows close behind, with anxiety rising about attacks on insurers themselves as well as the costs of underwriting cyber-crime. Other major concerns include the adequacy of insurers’ internal technology systems and new competition, particularly from the ‘InsurTech’ sector.

 OneLogin suffers breach—customer data said to be exposed, decrypted

OneLogin has admitted that the single sign-on (SSO) and identity management firm has suffered a data breach. However, its public statement is vague about the nature of the attack. An e-mail to customers provides a bit of detail—warning them that their data may have been exposed. And a support page that is only accessible to OneLogin account holders is even more worrying for customers. It apparently says that “customer data was compromised, including the ability to decrypt encrypted data.”

 Secret Pentagon Files Left Unprotected on the Amazon Server

Apparently, some of the confidential data related to the US military project was simply left completely unprotected on a server belonging to Amazon. The data included over 60,000 files with some of the very sensitive info publicly accessible and not even protected with a password. That is almost 28GB of confidential data which a contractor from Booz Allen Hamilton (BAH) had left unguarded. BAH is one of the top defense contractors that’s been working for the US and was long considered to be among the best and most profitable spy operations in the world.

 Innovation versus cybersecurity: Survival hangs in the balance

“There is no innate conflict between innovation and security,” said Bill Curtis, SVP and chief scientist at CAST Software, a software analytics and measurement firm. “The tradeoff often comes in speed-to-market versus adequate quality assurance.” Executives usually make a mental trade-off between revenue lost per week of additional development and testing time versus the potential loss from security breaches, outages, etc., he says. “The problem is that they rarely understand the full extent of the damages if a security breach is extensive.”

 Sons of IoT: Bikers hack Jeeps in auto theft spree

According to the DoJ’s indictment, the group worked in small teams to identify specific models of Jeep Wranglers throughout the San Diego area. Once a target vehicle was identified, a member obtained the truck’s vehicle identification number (VIN), which is usually printed on the dashboard. The VIN was then passed to another member, who used database login credentials taken from a Jeep dealer in Cabo San Lucas, Mexico. The database, used by dealerships to perform repairs on the cars, contained the information needed to cut and program duplicate keys.

 Cisco, Netgear Readying Patches for Samba Vulnerability

The vulnerability (CVE-2017-7494), disclosed last Wednesday, affects versions 3.5.0 onward of Samba, the free software re-implementation of the SMB/CIFS networking protocol. If exploited, the bug could allow authenticated attackers to execute arbitrary code remotely and take control of an affected system. Samba pushed a patch for versions 4.4 and higher a week ago, but companies, many of which make products that use Samba, are continuing to learn about the vulnerability’s scope.

 Insider threat training deadline here for federal contractors

The class is part of the National Industrial Security Program Operating Manual (NISPOM) Change 2, a government regulation that mandates that all cleared third-party contractors take an insider threat training program. This is the second stage in a new compliance requirement; the first took effect on November 30, 2016, when contractors had to implement a number of steps to protect themselves from insider threats.

 Decoy Files Found in PDFs Dropping Jaff Ransomware

The distribution campaign uses PDF files attached to the spam emails, but with Word documents hidden inside. The email subject ranges from fake invoice notifications to fake payment receipts, and from alleged image scans to random file copies. The ultimate goal remains the same: the Word document inside the PDF file is meant to download and drop a malware executable. According to Trustwave, however, the PDF campaigns have been evolving almost daily, with a larger number of embedded files discovered inside recent attachments and with additional layers of obfuscation.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.