Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 5-27-2020

Red Cross appeals to hackers to stop hitting hospitals

A letter published Tuesday and signed by a group of political and business figures said: "Such attacks endanger human lives and governments must take 'immediate and decisive action' to stop them." Peter Maurer, president of the International Committee of the Red Cross, said: "We are hoping that the world’s governments will step up to affirm their commitments to the international rules that prohibit such actions." Microsoft President Brad Smith and former US Secretary of State Madeleine Albright are among the 42 co-signers of the letter initiated by the non-government CyberPeace Institute, whose mission is to prevent the internet from becoming “weaponised”.

https://www.fudzilla.com/news/50894-red-cross-appeals-to-hackers-to-stop-hitting-hospitals

 

If someone could stop hackers pwning medical systems right now, that would be cool, say Red Cross and friends

In an email to The Register, Mike Hamilton, CISO at CI Security, a cybersecurity biz focused on the health sector, expressed skepticism that miscreants will moderate their behavior because the ICRC has raised the alarm but suggested that more international cooperation might help. [...] "However, if governments talk and make some agreements this may have the potential to start treating our logical borders like our physical borders: if you don’t maintain a standard of behavior (speaking to country X), we lock out your legit business traffic and your business leaders can go scream to [political] leaders to fix things."

https://www.theregister.co.uk/2020/05/26/red_cross_coronavirus_hacking/

 

Vets: Good for InfoSec, Great for CI Security

Healthcare Exec, and Air Force Veteran, Drex DeFord discusses the values and traits that make Veterans ideal for civilian careers in information security. One of CI Security’s strengths comes from a great team that has Veterans in important leadership roles throughout our organization. CI Security has intentionally pursued Veterans in transition since we started in 2012 as MK Hamilton & Associates. Today, CI Security is committed to supporting and recruiting Veterans for civilian jobs in information security.

https://ci.security/resources/news/article/vets-good-for-infosec-great-for-ci-security

 

The Problem with Artificial Intelligence in Security

[An] algorithm that finds way more "bad stuff" than you ever did before might not be as good as it sounds. All ML algorithms have a false-positive rate (identifying events as "bad" when they are benign), the value of which is part of a trade-off between various desired behaviors. Therefore, you tend to still need a human to triage these results — and the more "bad" the algorithm finds, the more events there are for your team member to assess.

https://www.darkreading.com/threat-intelligence/the-problem-with-artificial-intelligence-in-security/a/d-id/1337854

 

It is time to protect our frontline institutions from cyber attacks

Nowhere is this more apparent than among state and locally owned and operated public hospitals. Healthcare facilities like these, which make up nearly 20 percent of the United States’ community hospitals, are among those being targeted by cyber-attacks. These healthcare facilities have long lacked the resources to adequately secure and maintain their digital infrastructure, even as attacks against state and local governments have trended upwards.

https://thehill.com/opinion/cybersecurity/499463-it-is-time-to-protect-our-frontline-institutions-from-cyber-attacks

 

75% Of Cybersecurity Pros Say Remote Work Drove Dramatic Change in Financial Services Cyber Programs, FS-ISAC Poll Finds

The poll gauged which trends driven by the pandemic had the most impact on their cybersecurity programs.

Key findings include:

- Digital banking tools were ready to securely handle a huge increase in volume as only three percent of respondents saw these tools driving significant program changes

- Eleven percent of respondents said third party risk concerns led to dramatic change

- Forty-six percent reported their financial institution is likely to invest more in cybersecurity post-pandemic

https://www.prnewswire.co.uk/news-releases/75-of-cybersecurity-pros-say-remote-work-drove-dramatic-change-in-financial-services-cyber-programs-fs-isac-poll-finds-850090451.html

 

COVID-19: WEF says cybersecurity measures no longer theoretical ‘nice-to-haves’ for businesses

According to the WEF’s ‘COVID-19 Risks Outlook: A Preliminary Mapping and its Implications’ study, cyberattacks and data fraud are considered the most likely technological risks of COVID-19 for the world. The WEF said it has developed five principles to support business leaders in reinforcing the cyber resilience of their organisations in an unforeseen and instantaneous new reality, as all leaders and organisations have been forced to adapt business models faster than anyone was prepared for, to ensure existential survival.

https://www.financialexpress.com/economy/covid-19-wef-says-cybersecurity-measures-no-longer-theoretical-nice-to-haves-for-businesses/1971179/

 

Android Malware Alert: EventBot Targeting Financial Banking Apps

Once installed, it can break into more than 200 finance and banking apps, including PayPal, HSBC, Capital One, and Coinbase. It can even intercept text messages containing security codes used as a second form of authentication. Even more horrifying, the app seems to be altering itself every few days in order to up the ante and cause even more destruction. [...] Once activated, EventBot begins to query a series of apps, looking for login and other information. It can also harvest data and record keystrokes or taps to gain access to passwords and account logins[.]

https://www.androidheadlines.com/2020/05/android-malware-alert-eventbot-targeting-financial-banking-apps.html

 

Russian cyberspies use Gmail to control updated ComRAT malware

Using Gmail for command-and-control purposes fits right in with other exploits of the Russian-speaking Turla group (also tracked as Waterbug, Snake, or VENOMOUS BEAR) seeing that they are known for using unorthodox methods of achieving their cyber-espionage goals. [...] "ESET has found indications that this latest version of ComRAT was still in use at the beginning of 2020, showing that the Turla group is still very active and a major threat for diplomats and militaries."

https://www.bleepingcomputer.com/news/security/russian-cyberspies-use-gmail-to-control-updated-comrat-malware/

 

Are Air-Gapped Networks Enough to Stop Malware? They Might Not Be for Long

Dubbed “Ramsay” for a name that appears repeatedly in the code, the new malware was discovered by researchers at the ESET cybersecurity firm of Slovakia. It was first spotted in the VirusTotal online anti-malware aggregator, apparently sourced from somewhere in Japan. The researchers then found two additional versions by combing VirusTotal, with each version adding a feature that the previous version did not have. Though the malware is being directed at targets by a threat actor, ESET believes that it is still under development and that there have been few victims as of yet.

https://www.cpomagazine.com/cyber-security/are-air-gapped-networks-enough-to-stop-malware-they-might-not-be-for-long/

 

German intelligence agencies warn of Russian hacking threats to critical infrastructure

A Kremlin-linked hacking group has continued its long-running efforts to target German companies in the energy, water and power sectors, according to a confidential German government advisory obtained by CyberScoop. Investigators earlier this year uncovered evidence of the hackers’ “longstanding compromises” at unnamed German companies, according to the memo that German intelligence and security agencies sent last week to operators of critical infrastructure.

https://www.cyberscoop.com/german-intelligence-memo-berserk-bear-critical-infrastructure/

 

Cyberattacks target Israeli labs working on coronavirus vaccine

Cyberattacks have been reported on other vaccine research centers around the world, including in the US and UK. Some of the attacks have been blamed on Russia and China. Important aspects of the country’s efforts to develop a vaccine for the coronavirus are networked and are vulnerable to a variety of cyberattacks, Israel National Cyber Directorate (INCD) Chief Yigal Unna said in April.

https://www.jpost.com/israel-news/cyberattacks-target-israeli-labs-working-on-coronavirus-vaccine-629303

 

Lawmakers Demand Details on Fighting China-Linked Hacking

The signers of that letter include Thom Tillis, R-N.C., Richard Blumenthal, D-Conn., Ben Sasse, R-Neb., and John Cornyn, R-Texas. The senators pose three questions about the battle against the hackers:

- What legal tools or additional statutory authority do the FBI and CISA need to better combat state-sponsored hacking of American companies?

- Do the two agencies need additional money or resources to counter these threats?

- What steps are CISA and the FBI taking to work with these companies to alert them of these threats, and what can both agencies do to improve cybersecurity within research and healthcare facilities conducting COVID-19 research?

https://www.govinfosecurity.com/lawmakers-demand-details-on-fighting-china-linked-hacking-a-14337

 

Roughly half the Twitter accounts pushing to 'reopen America' are bots, researchers found

- The researchers analyzed over 200 million tweets discussing COVID-19 and found that roughly half the accounts were likely bots.

- They identified the bots by looking for accounts that tweeted more frequently than humanly possible or whose location appeared to rapidly switch among different countries.

- It's unclear who's behind the surge in bot activity or whether they're originating from the US or abroad.

https://www.businessinsider.com/nearly-half-of-reopen-america-twitter-accounts-are-bots-report-2020-5

 

Signal secure messaging can now identify you without a phone number

Basing the identity of accounts on a phone number makes a lot of sense, not least because a phone number is something you can easily and cheaply acquire in many countries, and it guarantees that the user has a satisfactory way of verifying their identity. But in some countries, getting hold of a phone number isn’t an easy process, and may involve proving not only your identity but also your address. Indeed, getting hold of an “anonymous” SIM card, or using an improperly registered one, is a criminal offence in some jurisdictions.

https://nakedsecurity.sophos.com/2020/05/22/signal-secure-messaging-can-now-identify-you-without-a-phone-number/

 

House expected to vote on search and browsing privacy this week

The Lofgren/Davidson amendment would strengthen rules against this kind of thing, helping to ensure that "foreign" intelligence surveillance is actually limited to foreigners. Intelligence agencies could still spy on Americans' browsing histories if they needed to, but they'd need to convince a judge to issue a warrant—a more demanding process that helps to check abuse of government surveillance powers.

https://arstechnica.com/tech-policy/2020/05/browsing-and-search-history-protections-gain-momentum-in-the-house/

 

This new iOS jailbreak tool can unlock even the latest iPhones

The new jailbreak works on iPhones that run on the iOS 11 operating system onwards, including devices running iOS 13.5, which was released only days ago. According to figures published by Apple, 94% of iPhones currently run on iOS 12 or iOS 13, which means the new jailbreaking kit is compatible with nearly all Apple phones in circulation.

https://www.techradar.com/news/this-new-ios-jailbreak-tool-can-unlock-even-the-newest-iphones

 

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Dubbed 'Strandhogg 2.0,' the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of the remaining smartphones vulnerable to attackers. StrandHogg 1.0 resided in the multitasking feature of Android, whereas the new Strandhogg 2.0 flaw is basically an elevation of privilege vulnerability that allows hackers to gain access to almost all apps.

https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html

 

Trend Micro Research Finds Trust Lacking Within the Cybercriminal Underground

The report also reveals the changing market trends for cybercrime products and services since 2015. Commoditization has driven prices down for many items. For example, crypting services fell from US$1,000 to just $20 per month, while the price of generic botnets dropped from $200 to $5 per day. Pricing for other items, including ransomware, Remote Access Trojans (RATs), online account credentials and spam services, remained stable, which indicates continued demand.

https://business.financialpost.com/pmn/press-releases-pmn/business-wire-news-releases-pmn/trend-micro-research-finds-trust-lacking-within-the-cybercriminal-underground

 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 
