IT Security News Blast 9-21-2017

Can MSSPs Help Address the Cyber Workforce Shortage for Healthcare?

A good MSSP can handle most, if not all, of the security tasks in your organization. Whether it’s actively probing internal networks or scouring intelligence reports and external data sources via hunt teams, MSSPs help organizations stay ahead of emerging threat activity. They can also assist organizations in preventing and recovering from ransomware attacks.

https://www.infosecurity-magazine.com/blogs/can-mssps-help-address-cyber/

Partnership hopes to help organizations better gauge 3rd party cyber risks

Integrating BitSight’s objective, quantitative measurements of companies’ security performance into the CyberGRX Exchange provides a comprehensive view of third-party cyber risk, the companies said. The combination of BitSight’s security ratings, generated through externally observable data, with CyberGRX’s third-party cyber risk assessments can enable organizations to make more informed decisions and scale their third-party risk programs, the companies added.

http://www.healthcareitnews.com/news/partnership-hopes-help-organizations-better-gauge-3rd-party-cyber-risks

SEC discloses cybersecurity breach

“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,” he said. “Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.” The disclosure came as part of a broader statement by Clayton about cybersecurity.

http://www.politico.com/story/2017/09/20/sec-cybersecurity-breach-242956

Vodafone: Cybersecurity Enables New Business Opportunities

For instance, 89% of businesses said that improving cybersecurity would enhance customer loyalty and trust, while 90% said it would enhance their reputation in the market, potentially attracting new customers. Meanwhile, 89% said they felt better information security was a competitive differentiator that would help them win customers.

https://www.infosecurity-magazine.com/news/vodafone-cybersecurity-enables/

Meet APT33: A Gnarly Iranian Hacker Crew Threatening Destruction

Iran is building up its cyber capabilities and the emergence of a group of hackers, dubbed APT33, has given rise to concerns the nation’s cyberwarfare units are looking to launch destructive attacks on critical infrastructure, energy and military bodies. The APT33 group has been operational since 2013 and focused on the aerospace industry, successfully hacking firms with aviation in the U.S. and Saudi Arabia in the last year, researchers at cybersecurity company FireEye warned Wednesday. Petrochemical firms in South Korea and Saudi Arabia were also targeted, according to the firm’s report.

https://www.forbes.com/sites/thomasbrewster/2017/09/20/iran-hacker-crew-apt33-heading-for-destructive-cyberattacks/#6f0c96844a48

CCleaner targeted top tech companies in attempt to lift IP

Whoever is behind the malware then reviews the hosts its code has compromised. It then tries to infect some of those hosts with what Talos characterises as “specialized secondary payloads”. Those payloads sometimes seek out top tech companies: Talos said its examination of code on the C2 server lists targets including Cisco, Microsoft, Sony, Intel, VMware, Samsung, D-Link, Epson, MSI, Linksys, Singtel and the dvrdns.org domain, which resolves to dyn.org.

https://www.theregister.co.uk/2017/09/21/ccleaner_secondary_payload_targeted_top_tech_companies/

CISOs: Striving Toward Proactive Security Strategies

In the report, The Evolving Role of CISOs and Their Importance to the Business, we focus on key areas like budgetary control, organizational influence, decision rationale, and strategic methodology. In other words, how do CISOs succeed and how much power do they wield? We also delve into the background of CISOs and their experience, both in terms of technical capability and business savvy.

https://f5.com/labs/articles/cisotociso/trends/cisos-striving-toward-proactive-security-strategies

Software Has a Serious Supply-Chain Security Problem

“There’s a concerning trend in these supply-chain attacks,” says Craig Williams, the head of Cisco’s Talos team. “Attackers are realizing that if they find these soft targets, companies without a lot of security practices, they can hijack that customer base and use it as their own malware install base…And the more we see it, the more attackers will be attracted to it.”

https://www.wired.com/story/ccleaner-malware-supply-chain-software-security/

More data lost or stolen in first half of 2017 than the whole of last year

Malicious outsiders (cybercriminals) made up the largest single source of data breaches (74 per cent) but accounted for only 13 per cent of all stolen, compromised or lost records. While malicious insider attacks only made up 8 per cent of all breaches, the amount of records compromised was 20 million, up from 500,000 in the previous six months. North America still makes up the majority of all breaches and the number of compromised records, both above 86 per cent.

https://www.theregister.co.uk/2017/09/20/gemalto_breach_index/

Apache bug leaks contents of server memory for all to see—Patch now

The vulnerability can be triggered by querying a server with what’s known as an OPTIONS request. Like the better-known GET and POST requests, OPTIONS is a type of HTTP method that allows users to determine which HTTP requests are supported by the server. Normally, a server will respond with GET, POST, OPTIONS, and any other supported methods. Under certain conditions, however, responses from Apache Web Server include the data stored in computer memory.

https://arstechnica.com/information-technology/2017/09/apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/

“Fake” net neutrality comments at heart of lawsuit filed against FCC

“As the agency is legally obliged to respond to my request, and as the underlying questions behind my request still haven’t been answered, I have filed a lawsuit against the FCC for [its] refusal to conduct a reasonably timely search for the records, and have demanded the release of these records,” Prechtel wrote in a blog post describing his court complaint on Friday.

https://arstechnica.com/tech-policy/2017/09/fake-net-neutrality-comments-at-heart-of-lawsuit-filed-against-fcc/

Report: Employees Outpace Fraudsters as Source of Cybersecurity Threats

The logical conclusion: Cybersecurity threats for small and midsize businesses are driven by active, malicious cybercriminals hell-bent on causing trouble. However, according to a new survey from Keeper Security and the Ponemon Institute, titled “The 2017 State of Cybersecurity in Small and Medium-Sized Businesses,” more than half of IT experts point to another source: employees.

https://securityintelligence.com/news/report-employees-outpace-fraudsters-as-source-of-cybersecurity-threats/

How Small Businesses Can Weather the Cybersecurity Skills Gap “Storm”

Instead of focusing solely on finding talent with the “right” technical experience, companies should be looking for employees with strong social skills. Individuals who not only exhibit confident body language, have a firm handshake and make consistent eye contact, but also know how to navigate difficult conversations with a variety of personalities and levels of management, from CEOs and CIOs to end users and vendors, are prime candidates for cybersecurity positions.

https://www.scmagazine.com/how-small-businesses-can-weather-the-cybersecurity-skills-gap-storm/article/685088/

Global Losses Thanks to Cyber-Attacks Amount to $4 Billion in H1 2017: Trend Micro 

According to the ‘2017 Midyear Security Roundup’ by global cyber-security firm Trend Micro, businesses are faced with increased ransomware, Business Email Compromise (BEC) scams and Internet of Things (IoT) attacks. Trend Micro detected more than 82 million ransomware threats, along with more than 3,000 BEC attempts in the first half of the year, highlighting the importance of cyber-security investments.

http://gadgets.ndtv.com/internet/news/global-losses-thanks-to-cyber-attacks-amount-to-4-billion-in-h1-2017-trend-micro-1753288

NCSC – Prepare for a ‘Category One’ cyber-attack

Noting that the recent WannaCry attack was only a Category Two attack by NCSC standards, Levy said that a Category One attack would strike without warning, and require a government-level response. “Sometime in the next few years, we’re going to have our first Category One cyber incident – one where you need a national response,” he said. “The first thing that will happen is that it will come out that this is an unprecedented, sophisticated attack that couldn’t possibly be defended against.”

http://www.itproportal.com/news/ncsc-prepare-for-a-category-one-cyber-attack/

Equifax, data brokers ‘lackadaisical’ about cyber security: Report

“To them, information is a commodity and people are seen as data points instead of human beings,” he said in the report. “Data brokers continue to practice lackadaisical cybersecurity because they fail to connect the information lost in countless breaches to the lives impacted by adversaries’ campaigns. Equifax is yet another negligent data broker that has been compromised due to its failure to secure data according to its value, promote cyber-hygiene best practices, and implement layered defenses.”

http://www.businessinsurance.com/article/20170920/NEWS06/912315961/Equifax,-data-brokers-%E2%80%98lackadaisical%E2%80%99-about-cybersecurity-Institute-for-Critica

You lost your ballpoint pen, Slack? Why’s your Linux version unsigned?

“This means that anyone who has installed Slack on an RPM-based Linux system has effectively given root access to packages that contain unknown and unverified content. If Slack were to get owned in the same way as MeDoc in the Ukraine, all Slack users would just pull down hacked packages and merrily install them on the system, giving instant root access.”

https://www.theregister.co.uk/2017/09/21/slack_linux/

How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet

An old vulnerability in the Signalling System No. 7 (SS7) telecom network protocol was used by Positive Technologies researchers to access and steal data from a test account, which they had registered recently at Coinbase, a bitcoin exchange platform. It was thus identified that, by exploiting the SS7 flaw, an attacker could access text messages containing authentication codes and make financial transactions from the Bitcoin platform.

https://www.hackread.com/how-ss7-flaw-can-be-used-to-hack-gmail-bitcoin-wallet/

(Un)documented Word feature abused in phishing campaigns

When opened, the document sends a GET request to one of the internal links, and that request contains information about the user’s device. The undocumented feature was identified only as the INCLUDEPICTURE field and was exploited in the malicious Word document formatted in OLE2 (Object Linking and Embedding). The OLE2 formatting allows authors to embed objects and link to multiple resources or other objects in a single Word document. The exploit is part of a multistage attack that involves gathering the system configuration data on targeted systems.

https://www.scmagazine.com/includedpicture-undocumented-word-feature-exploited-in-wild/article/689858/

 ====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.