IT Security News Blast 9-28-2017

How Cybersecurity Professionalization Will Impact Your Career
University of Washington Center for Information Assurance and Cybersecurity is kicking off Cybersecurity Awareness Month with a Fireside Chat with Diana Burley, Ph.D. Executive Director of the Institute for Information Infrastructure Protection (I3P).  Continuing Education Units and light refreshments are provided gratis. Seating is limited to 90.
Register here

Deloitte breach tied to lack of multifactor authentication for admin account
The hackers were able to get into the network by cracking the password on an admin account that didn’t require two-step authentication. That single account gave the attackers unrestricted access to all areas and privileged data. Staff emails were stored in Microsoft’s Azure cloud service. In addition to emails, the hackers could potentially have accessed architectural diagrams for businesses and health information, and some emails carried attachments with sensitive security and design details. The hackers focused only on the United States.

Cyber attacks on healthcare continue to increase
The disruption caused by WannaCry and another example, NotPetya, to healthcare systems, in particular, was well publicised. When turning on infected devices, users were asked for payments to remove the ransomware. […] “It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made,” said Samani. “However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money but something else. If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.”

SEC launches new unit to combat cyber-related misconduct
The Cyber Unit, which is part of the SEC’s Enforcement Division, will target market manipulation schemes involving false information spread through electronic and social media. It will also investigate hacking, violations involving distributed ledger technology and initial coin offerings, misconduct perpetrated using the dark web, intrusions into retail brokerage accounts, and cyber-related threats to trading platforms and other critical market infrastructure.

Exclusive: N.Y. regulator subpoenas Equifax over massive breach
New York’s Department of Financial Services (DFS) sent the subpoena to Equifax on Sept. 14, said the person, who declined to be named because the matter has not been made public. The subpoena seeks documents related to the hack that compromised the personal data of up to 143 million Americans, details on when Equifax learned of the breach and what actions it took after it was discovered, as well as other information, the person said.

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards
Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores, KrebsOnSecurity has learned.

Internet Organized Crime Threat Assessment (Europol)
This year’s report highlights how cybercrime continues to grow and evolve, taking new forms and directions, as demonstrated in some of the attacks of unprecedented scale of late 2016 and mid-2017. It further highlights the progressive convergence of cyber and serious and organised crime, supported by a professional underground service economy.

New US Army Manual Shows It’s Worried About Russia’s Hybrid Warfare Tactics
Unfortunately, as the guide notes in its foreword, America’s potential enemies have not spent the past decade and a half or more idle. The Russian military in particular “barely resembles its former Soviet self” and in many ways has organized itself to match, or at least mitigate, the U.S. military’s often superior technological capabilities.

What We Know About Russia’s Use Of Twitter In 2016 Propaganda Campaign
There are a few facts about Russian-linked activity on Twitter during the 2016 campaign we already know thanks to published reports, but there’s much more that remains unclear. Answers to some of those unanswered questions could emerge from Twitter’s closed-door meeting with the Senate Intelligence Committee on Wednesday.

The Worldwide Struggle to Claim Cyber Sovereignty
“The internet is ultimately useful to achieve at least three things: collaboration, competition, and conflict. In the case of collaboration, it is generally more useful if we don’t describe boundaries and if we don’t withhold information from certain parties. Collaboration is best done without preconditions,” says Chris Inglis, former Deputy Director of the NSA. “But if you bias your views towards the internet towards competition or conflict – where knowledge is power – then you want to exercise some degree of control over that information.”

Proposed California Broadband Internet Privacy Act Put On Ice
In the wake of President Trump’s revocation of the FCC privacy rules, California and other states began proposing legislation aimed at implementing the core components of the failed FCC rules at the state level.  For example, the California bill proposed similar opt-in consent requirements, prohibiting an ISP from disclosing a consumer’s sensitive proprietary information without first obtaining consent.

Computer scientists address gap in messaging privacy
The solution, called DECIM (Detecting Endpoint Compromise in Messaging), addresses the question of what to do when the attacker is in a position to intercept all of your messages on a long-term basis. Both your Internet Service Provider and messaging service operator are in such positions – all your messages pass through their servers – so that if they obtained your keys, they would never be locked out of a conversation, and you would never know.

Current Threats to the Homeland (FBI Director testimony)
Virtually every national security and criminal threat the FBI faces is cyber-based or technologically facilitated. We face sophisticated cyber threats from foreign intelligence agencies, hackers for hire, organized crime syndicates, and terrorists. These threat actors constantly seek to access and steal our nation’s classified information, trade secrets, technology, and ideas—all of which are of great importance to our national and economic security.

Which security investments make a difference?
Among the most effective categories in reducing losses from cyber crime are security intelligence systems, defined as tools that ingest intelligence from various sources that help companies identify and prioritize internal and external threats. They delivered substantial cost savings of $2.8 million, higher than all other technology types included in this study.

Apple just released new information about how facial recognition on the iPhone X works
Mogull wrote in a blog post in September that the point of a security system like Face ID is not to create an uncrackable system. The point is to allow users to use a strong, long password, but to have the convenience of no password most of the time. To be useful, a system like Face ID has to make so-called “false positives” (the iPhone admitting someone who is not the enrolled user) extremely rare; Apple says the chance of that happening at random is 1 in 1 million.

Remote Wi-Fi Attack Backdoors iPhone 7
“The exploit gains code execution on the Wi-Fi firmware on the iPhone 7,” said Google Project Zero researcher Gal Beniamini, whose comments were part of a bug report made public Tuesday. “Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip),” Beniamini said.

Fuzzing Reveals Over 30 Web Browser Engine Flaws
The tests led to the discovery of 33 security bugs, two of which affect multiple browsers. Specifically, two flaws were identified in Chrome’s Blink engine, four in Firefox’s Gecko, four in Internet Explorer’s Trident, six in EdgeHtml, and 17 in Safari’s WebKit. “Apple Safari is a clear outlier in the experiment with a significantly higher number of bugs found. This is especially worrying given attackers’ interest in the platform as evidenced by the exploit prices and recent targeted attacks,” the researcher said.

CCleaner Malware: Here is the Full List of Affected Companies
As the list shows, the largest cluster of infected machines is 13 computers on the network of Taiwan-based ISP Chunghwa Telecom; second is Japan-based IT firm NEC with ten computers, and third is Samsung with five. Companies with two computers infected with the second-stage malware include ASUS, Sony and Fujitsu, and one infected computer each was identified on the networks of Singtel, VMWare, Intel, and O2.

Researchers find 7 percent of all Amazon S3 servers exposed
[AWS] may be turning into a victim of its own success by making it too easy for anyone to set up a server. Amazon has effectively removed an entry barrier of technical savviness and now because it is so simple, there needs to be a change in paradigms to compensate, Vezina added. “Seasoned system administrators would usually be able to navigate complex settings and build secure systems in the cloud,” Vezina said. “Less experienced staff, or staff under pressure to deliver working systems, may however forget a critical setting in the process, thereby exposing thousands, or even millions of records.”
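The “critical setting” Vezina describes is almost always one of two things: a bucket ACL that grants READ to the AllUsers or AuthenticatedUsers group, or a bucket policy whose Principal is "*". The checker below is an added example, not code from the article, from Skyhigh or from AWS. It runs offline on constructed ACL and policy documents shaped like the responses of boto3’s get_bucket_acl and get_bucket_policy; the bucket name, account ID, role name and canonical user ID in it are placeholders.

```python
"""Offline checker for the S3 exposure discussed above: flags bucket ACL
grants and bucket-policy statements that make objects readable by anyone.
The ACL and policy documents below are constructed samples that mirror the
shapes returned by boto3's get_bucket_acl / get_bucket_policy."""
import json

# Grantee URIs AWS uses for "everyone" and "any AWS account" in bucket ACLs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}


def public_acl_grants(acl):
    """Return (group URI, permission) pairs granted to the public groups."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((grantee["URI"], grant.get("Permission")))
    return found


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (or an AWS list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy):
    """Return Allow statements granted to a wildcard principal.

    Statements carrying a Condition block are still reported: a condition such
    as aws:Referer is not an access control, so the caller should inspect them."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement need not be a list
        statements = [statements]
    return [s for s in statements
            if s.get("Effect") == "Allow" and _principal_is_wildcard(s.get("Principal"))]


def bucket_is_public(acl, policy=None):
    """Overall verdict: any public ACL grant, or any wildcard-principal Allow."""
    if public_acl_grants(acl):
        return True
    return bool(policy) and bool(public_policy_statements(policy))


# --- constructed sample documents (placeholder IDs and names) ---------------

OWNER = {"Type": "CanonicalUser", "ID": "0" * 64}  # placeholder canonical ID

# Weak: the "public-read" canned ACL, which exposes every object to the world.
WEAK_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}

# Corrected: the default "private" ACL, bucket owner only.
FIXED_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
]}

# Weak: a bucket policy that lets anyone on the internet fetch objects.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-records/*"}]})

# Corrected: the same grant scoped to one IAM role (account ID is a placeholder).
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/records-reader"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-records/*"}]})


if __name__ == "__main__":
    for name, acl, pol in [("weak", WEAK_ACL, WEAK_POLICY),
                           ("fixed", FIXED_ACL, FIXED_POLICY)]:
        print(name, "PUBLIC" if bucket_is_public(acl, pol) else "private",
              public_acl_grants(acl),
              [s["Action"] for s in public_policy_statements(pol)])
```

To run this against a real account, feed it the dictionary returned by boto3’s s3.get_bucket_acl(Bucket=name) and the "Policy" string from s3.get_bucket_policy(Bucket=name) for every bucket in list_buckets (a bucket with no policy raises NoSuchBucketPolicy, which should be treated as “no policy”). Two caveats worth keeping in mind: AuthenticatedUsers means any AWS account in the world, not your organisation, and a Condition on a wildcard-principal statement is not a substitute for a scoped principal. AWS later added account-level Block Public Access settings, which are the durable fix for this class of mistake.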

Security cameras show ‘HACKED’ instead of live feed video
“Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account,” Monte Crypto warned. “The vulnerability poses a severe risk [and] is trivial to exploit.” […] The first thing a person trying to help would likely suggest is to change the default or weak password, but that won’t fix the problem this time. Monte Crypto explained, “In addition to gaining full administrative access, the vulnerability can be used to retrieve plain-text passwords for all configured users.”

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.