IT Security News Blast 8-21-2017

What to know before buying AI-based cybersecurity tools

“Proving the value requires comparing the results of a tool to existing tools or team members, while keeping in mind that evolutionary steps can be valuable while in search of a revolutionary system,” Hillard said. “That can mean testing the capability of malware or intrusion detection to identify new threats, or judging if AI is able to replicate, or accelerate, the capabilities of a hunt team.”

Xerox CISO: How business should prepare for the future security threat landscape

As we move to AI, then we also have to move into AI in a security space -- thinking about the talent shortage, thinking about the fact that we’re not going to close this talent gap. How do we close the talent gap? How do we get around it? By allowing AI, allowing robots and smart learning and things like that to play a role in this. We need to challenge our vendors and say, “You’ve got great platforms that perform analytics for me, but now I need these great platforms to not just perform the analytics, but to actually do something.”

Has GPS become so vulnerable that it’s now a liability? [Podcast]

There are serious question marks being raised over the Global Positioning System (GPS) after reports circulated that some shipping in the Black Sea may have been disrupted recently by GPS spoofing. This means that a false signal is manipulated to confuse a satellite receiver, jamming the true location of a vessel, even making it look like it has moved to another location. This vulnerability is considered so serious that countries are developing back-up systems based on old World War II radio technology. Professor Todd Humphreys from the University of Texas says our trust in GPS has to be questioned.

Top 4 Key Concerns in Healthcare Mobile Security Options

This primer outlines four key considerations for mobile security. Organizations of all sizes must budget for cybersecurity, choose the right mobile tools, conduct regular employee training, and maintain HIPAA compliance with all devices.

  • Choosing the right mobile healthcare tool
  • Budgeting for necessary mobile security tools
  • Implementing regular employee training
  • Understanding HIPAA compliance for mobile options

Trump orders that U.S. Cyber Command receive new authority to conduct cyberwarfare

There’s bipartisan support on Capitol Hill to provide Cyber Command with greater operational authority and additional resources, but the question of whether the organization should be divided from NSA remains more difficult for Congress to answer. Until now, the Maryland-based sub-unified combatant command has relied heavily on the NSA’s talent, capabilities, resources and expertise to conduct cyberwarfare missions.

Newly activated Guard unit to bolster Army Cyber forces

TF Echo consists of 138 National Guard members from seven states and highlights the total Army’s capability and focus to support cyber operations and carry out defense of the Army network. […] The Guard recruited Soldiers from California, Georgia, Michigan, Indiana, Utah, Ohio and Virginia for their skills and experience in systems and cybersecurity. The Soldiers were mobilized for 400 days and will be integrated into the Maryland National Guard during their active duty.

North Korea accuses Japan of planning cyberspace war

North Korea accused Japan of building a cyberspace attack force in its military under the pretext of self-defence, the media reported. Official newspaper Rodong Sinmun on Saturday said the Japanese Defence Ministry is planning to boost the size and capability of its cyber unit under the excuse of self-defence against hackers. The members of the cyber unit will be drastically increased and a department specializing in cyber attack capability will be set up, Xinhua news agency reported.

Tracing the sources of today’s Russian cyber threat

Some of the most talented and dangerous cyber crooks and cyber warriors come from Russia, which is a longtime meddler in other countries’ affairs. Over decades, Russian operators have stolen terabytes of data, taken control of millions of computers and raked in billions of dollars. They’ve shut down electricity in Ukraine and meddled in elections in the U.S. and elsewhere. They’ve engaged in disinformation and disclosed pilfered information such as the emails stolen from Hillary Clinton’s campaign chairman, John Podesta, following successful spearphishing attacks. Who are these operators, why are they so skilled and what are they up to?

Cyber Intrusions Linked to Global Geopolitics

Mandia said he is amazed that faceless, nameless actors can post stolen documents and somehow have the credibility to be believed in cyberspace. “And with our free press in America, when an organization is ‘doxed’ and information is released, our press actually covers it, the information then spreads with damaging impacts. With a free press, we are vulnerable,” he said. And the United States can’t retaliate in kind. “There is no ‘eye for an eye’ on this one,” Mandia explained. “If we hacked Putin’s email, what would happen? Nothing. It may even help him.” Aided by the prevalence of the digital payment system called bitcoin, cyber-related extortions are also on the rise, Mandia pointed out. “There is nothing good about anonymous currency in cyberspace,” he said.

Information about 1.8 million Chicago voters exposed on Amazon server

The database file was discovered on Friday by a security researcher at Upguard, a company that evaluates cyber risk. The company alerted election officials in Chicago on Saturday and the file was taken down three hours later. The exposure was first made public on Thursday. The database was not overseen by the Chicago Board of Election but instead by Election Systems & Software, an Omaha, Neb.-based contractor that provides election equipment and software to election officials nationwide.

ICE: We don’t use stingrays to locate undocumented immigrants

Homan’s assertion about “always” being able to call 911 regardless of whether a stingray is in use also appears not to be consistent with an episode in Canada from May 2016. At that time, Canadian media reported on the Asian Assassinz trial in Toronto. In that case, Detective Shingo Tanabe swore in an affidavit that the Toronto Police would not keep its stingray on for more than three minutes at a time for fear of running afoul of Canadian telecom law and blocking possible 911 traffic. In August 2016, a Georgetown law professor filed a formal complaint to the Federal Communications Commission over the alleged disruption to the 911 system.

No, the cops can’t get a search warrant to just seize all devices in sight – US appeals court

It’s a ruling sending shockwaves through the worlds of privacy, device security, and law enforcement in America. The US Circuit Court of Appeals in the District of Columbia on Friday overturned the conviction of a gang member because investigators obtained a search warrant for his devices without probable cause. In other words, crucial evidence obtained by investigators using a search warrant to seize and scan all phones and other gadgets on sight has been thrown out.

Uber customers warned about smartphone virus that could steal their bank card information

Kaspersky Labs told the Sun Online that Uber users are “at risk” of malware dubbed Faketoken, which disguises itself in games and imitates Adobe Flash Player. Victims might have clicked on what appears to be a prompt to update their Flash plugin while watching a video on their phone. But they will have unwittingly downloaded Faketoken, which can live-track their apps. When a victim opens a ride-sharing app like Uber, Faketoken creates a fake window to steal their bank card details when they type them in.

FBI pushes private sector to cut ties with Kaspersky

The FBI’s counterintelligence section has been giving briefings since the beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. […] Of particular interest are the Yarovaya laws and the System for Operative Investigative Activities (SORM), among others, which mandate broad, legally vague and permissive Russian intelligence agency access to data moving inside Russia, with retention periods extending to three years. Companies have little recourse to fight back. U.S. officials point to the FSB, the KGB’s successor, as the cryptography regulator in Russia, and say it puts an office of active agents inside Russian companies.

Tor “can’t build free and open source tools” and stop racists from using them

We are disgusted, angered, and appalled by everything these racists stand for and do. We feel this way any time the Tor network and software are used for vile purposes. But we can’t build free and open source tools that protect journalists, human rights activists, and ordinary people around the world if we also control who uses those tools. Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us.

Backdoor Found in Enterprise Software Used by Banks, Tech, and Energy Companies

Attackers waited for companies to download and install versions of the trojanized apps. Once they infected a victim, the attackers used the backdoored software to upload files on infected computers, store data in a virtual filesystem (VFS), and run apps and create processes to execute malicious code. The backdoor trojan communicated with the attackers’ command and control servers via DNS requests. It was this sudden surge in suspicious DNS requests that drew the attention of Kaspersky researchers and led to the backdoor’s discovery.
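The detection angle in that story is worth making concrete: the backdoor was noticed because its DNS-based command-and-control produced an unusual volume of queries. The script below is an added example, not code from the article or from Kaspersky, that scores DNS query logs for the two traits such channels tend to share: many queries from one client to one base domain, and subdomain labels that are nearly all distinct and high-entropy (encoded data rather than hostnames). The log format (`<epoch> <client> <qname> <qtype>`), the sample lines, the thresholds and the last-two-labels "base domain" heuristic are all assumptions chosen for the example.

```python
"""Flag DNS query patterns consistent with DNS-based command-and-control.

Added example (not from the original article). Assumed log format per line:
    <epoch> <client_ip> <qname> <qtype>
Thresholds and the base-domain heuristic are illustrative assumptions.
"""
import math
from collections import defaultdict

# Constructed sample log, not real traffic. The 10.0.0.7 lines mimic a
# tunnelling pattern: many queries, each with a distinct high-entropy label.
SAMPLE_LOG = """\
1503300000 10.0.0.5 www.example.com A
1503300001 10.0.0.5 mail.example.com A
1503300002 10.0.0.5 img.cdn.example.org A
1503300003 10.0.0.5 static.cdn.example.org A
1503300004 10.0.0.5 img.cdn.example.org A
1503300005 10.0.0.5 static.cdn.example.org A
1503300006 10.0.0.5 img.cdn.example.org A
1503300007 10.0.0.5 static.cdn.example.org A
1503300010 10.0.0.7 0f1e2d3c4b5a6978.updates.example.net TXT
1503300011 10.0.0.7 a1b2c3d4e5f60789.updates.example.net TXT
1503300012 10.0.0.7 9876543210fedcba.updates.example.net TXT
1503300013 10.0.0.7 5e4d3c2b1a0f9876.updates.example.net TXT
1503300014 10.0.0.7 c0a1b2d3e4f56789.updates.example.net TXT
1503300015 10.0.0.7 7a8b9c0d1e2f3456.updates.example.net TXT
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_dns_log(text: str):
    """Parse the assumed format into (client, qname, qtype) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, qtype = parts
        records.append((client, qname.rstrip(".").lower(), qtype))
    return records


def base_domain(qname: str) -> str:
    """Crude registrable-domain guess (last two labels).

    Assumption for the example only: production code should consult a
    public-suffix list so that e.g. 'example.co.uk' is handled correctly.
    """
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def find_suspicious(records, min_queries=5, min_entropy=3.0, min_distinct_ratio=0.8):
    """Group queries by (client, base domain) and flag groups whose leftmost
    labels are numerous, almost all distinct, and high-entropy on average."""
    groups = defaultdict(list)
    for client, qname, _qtype in records:
        labels = qname.split(".")
        if len(labels) < 3:  # bare base domain: no subdomain label to score
            continue
        groups[(client, base_domain(qname))].append(labels[0])

    flagged = {}
    for key, labels in groups.items():
        n = len(labels)
        if n < min_queries:
            continue
        mean_ent = sum(shannon_entropy(lbl) for lbl in labels) / n
        distinct_ratio = len(set(labels)) / n
        if mean_ent >= min_entropy and distinct_ratio >= min_distinct_ratio:
            flagged[key] = {
                "queries": n,
                "mean_entropy": round(mean_ent, 2),
                "distinct_ratio": round(distinct_ratio, 2),
            }
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in find_suspicious(parse_dns_log(SAMPLE_LOG)).items():
        print(f"{client} -> {domain}: {stats}")
```

Running it flags only the `10.0.0.7 -> example.net` group. The CDN traffic from `10.0.0.5` exceeds the query threshold too, but its labels repeat (`img`, `static`) and carry little entropy, which is why both conditions are required: volume alone would produce constant false positives from busy legitimate domains.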

Secret chips in replacement parts can completely hijack your phone’s security

The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness.

So long and thanks for all the phish: Red teams need to be smarter now

For example, internet-facing ADFS (Active Directory Federation Services) endpoints can be abused to gain entry to corporate environments without needing to trick staff into opening booby-trapped emails. Alternatively, pushing fake Skype updates through recently expired Microsoft domains offers another attack technique, according to security researchers Dominic Chell and Vincent Yiu. The pair showed how a tool called LinkedInt could be used to scrape the professionals’ social network LinkedIn during reconnaissance.

Autistic Man Hacked Sports Direct Website To Get Employment

The motive behind the hacking was to show how easy it was to hack the system that they have been using. Polyik conducted the hacking spree between July and September 2016. However, his hacking obsession has landed him in jail, as Polyik has been sentenced to a 10-month prison term and also received a suspension for a year. According to Judge Peter Cooke, Polyik carried out “determined hacking” by shutting down the Sports Direct website, because of which the company had to bear the loss of thousands of pounds and pay a “significant” amount to get the problem fixed.

7 free tools every network needs

Fortunately, many good tools, both commercial and open source, are available to shine much-needed light into your environment. Because good and free always beat good and costly, I’ve compiled a list of my favorite open source tools that prove their worth day in and day out in networks of any size. From network and server monitoring to trending, graphing, and even switch and router configuration backups, these utilities will see you through.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.