Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 6-29-2020

IT Security Questions to Ask for the Great Return to the Workplace

With all the talk about “turning the economy back on” we need to think about what that looks like from an information security perspective. Originally as an Infragard contribution, Jenifer Clark and I worked up this set of considerations for bringing once-remote computers back into a corporate network. To the extent that's looking like a reality, here's a handy guide for planning capacity and extra security eyes as part of a risk-based intake plan.

https://www.scmagazine.com/home/opinion/executive-insight/it-security-questions-to-ask-for-the-great-return-to-the-workplace/


8 U.S. City Websites Targeted in Magecart Attacks

Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches. [...] When asked if any of the skimmers have been removed from the websites, researchers told Threatpost, “We don’t have access to that information.” However, they believe that these attacks started on April 10 of this year, and are still active.

https://threatpost.com/8-city-gov-websites-magecart/156954/


Spyware hidden in Chinese tax software was probably planted by a nation-state, say experts

The malicious code was extremely sophisticated, Hussey said. It had what he called a triple layer of persistence. It installed itself at two different locations on the network, and if one was deleted, the other one automatically kicked in. There was also a so-called protector module, which would download and install another copy in the event both were deleted. The software beaconed to a remote server at random intervals to evade detection, Hussey said.

https://www.nbcnews.com/tech/security/spyware-hidden-chinese-tax-software-was-probably-planted-nation-state-n1231975


UCSF Medical School Officials Pay Hackers $1.14 Million Ransom To Recover Stolen Data

Hackers who attacked computer servers at the University of California at San Francisco School of Medicine were paid a ransom of more than $1 million so researchers could regain access to data that had been maliciously encrypted by malware, university officials announced Friday. The school’s Information Technology staff detected a security incident on June 1 and the affected areas, described as “a limited number of servers in the School of Medicine,” were isolated from the UCSF core network.

https://sanfrancisco.cbslocal.com/2020/06/28/cyber-attack-ucsf-medical-school-ransom/


COVID-19-triggered threat changes will linger beyond crisis, say most security pros

The experts point to changes stemming from the need to social distance as a source of potential threats, with 72% saying they were concerned about quarantined home workers breaking policy and exposing systems to risk. Two-thirds, meanwhile, said they believed current remote-access systems were "never built to carry such a level of secure data."

https://www.healthcareitnews.com/news/covid-19-triggered-threat-changes-will-linger-beyond-crisis-say-most-security-pros


Top 10 riskiest IoT devices for enterprises, according to Forescout

· Physical access control solutions
· HVAC systems
· Network cameras
· Programmable logic controllers
· Radiotherapy systems
· Out-of-band controllers
· Radiology workstations
· Picture archiving and communication systems
· Wireless access points
· Network management cards

https://securitybrief.eu/story/top-10-riskiest-iot-devices-for-enterprises-according-to-forescout


Ransomware is now your biggest online security nightmare. And it's about to get worse

The targets of the ransomware gangs have evolved, too. It's not just about PCs anymore; these gangs want to go after the really irreplaceable business assets too, which means file servers, database services, virtual machines and cloud environments. They'll also search out and encrypt any backups that organisations foolishly leave connected to the network. All of this makes it much harder for victims to recover -- unless of course they want to pay that ransom.

https://www.zdnet.com/article/ransomware-is-now-your-biggest-online-security-nightmare-and-its-about-to-get-worse/


Cyberattacks rise in pandemic's 'perfect storm' — reminding banks of risks ahead

Attacks against the financial sector increased 238% globally from the beginning of February to the end of April, according to data by Carbon Black Inc., a unit of VMware Inc. that offers cybersecurity technology to financial institutions. Ransomware attacks grew ninefold in the period, with phishing emails the primary source.

https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/cyberattacks-rise-in-pandemic-s-perfect-storm-8212-reminding-banks-of-risks-ahead-59064396


Major US Companies Targeted in New Ransomware Campaign

"The attackers behind this threat appear to be skilled and experienced, capable of penetrating some of the most well protected corporations, stealing credentials, and moving with ease across their networks," Symantec warned. "As such, WastedLocker is a highly dangerous piece of ransomware." Symantec described the attacks as being carried out by Evil Corp., a Russian cybercrime group that has been previously associated with the Dridex banking Trojan and the BitPayment ransomware family.

https://www.darkreading.com/attacks-breaches/major-us-companies-targeted-in-new-ransomware-campaign/d/d-id/1338189


Bipartisan House bill would set up a White House cyber director

The National Cyber Director Act, introduced by Reps. Jim Langevin (D-R.I.), Mike Gallagher (R-Wis.), Carolyn Maloney (D-N.Y.), John Katko (R-N.Y.), Will Hurd (R-Texas) and Dutch Ruppersberger (D-Md.), would place the director as the principal advisor to the President on cybersecurity strategy and policy. It would also create two new deputy positions under the director, one to focus on planning and operations and another on strategy, capabilities and budget. The official would be appointed by the president and confirmed by the Senate.

https://fcw.com/articles/2020/06/25/johnson-white-house-cyber-bill.aspx


Leader Of Russian Cybercrime Ring Pleads Guilty

Infraud was created in 2010 by Svyatoslav Bondarenko, 34, of Ukraine, to promote and grow interest in the Infraud Organization as the premier destination for purchasing retail items with counterfeit or stolen credit card information online, the Justice Department alleged in the indictment. Using the slogan, “In Fraud We Trust,” the group directed traffic and potential purchasers to sites of its members, which served as online conduits to traffic in stolen identification, financial and banking information, malware and other illicit goods, according to the complaint.

https://www.pymnts.com/news/security-and-risk/2020/leader-of-russian-cybercrime-ring-pleads-guilty/


An Egyptian cyber attack on Ethiopia by hackers is the latest strike over the Grand Dam

In an extension of a bilateral dispute between Ethiopia and Egypt over the $4.8 billion Grand Ethiopian Renaissance Dam being built on the Nile River, Egyptian hackers launched a cyber attack on a number of Ethiopian government websites over the course of the past week. [...] The animosity has seen Ethiopia enter the crosshairs of Egyptian hackers numerous times in recent years. The hackers, who claimed to belong to the “Cyber_Horus Group,” left messages on the homepage of an Ethiopian regional police force training center, threatening war over the Nile and a “Pharaonic curse” upon Ethiopians.

https://qz.com/africa/1874343/egypt-cyber-attack-on-ethiopia-is-strike-over-the-grand-dam/


How the founder of the Telegram messaging app stood up to the Kremlin — and won [Subscription]

Two years ago, Pavel Durov refused to grant Russian security services access to users’ encrypted messages on his popular Telegram messaging app, then a favorite of Russian opposition groups. The reply from authorities was either submit or become wiped off the country’s digital map. Neither happened. Using a combination of wily cyber-dodging tactics and the force of Telegram’s growing reach, the 35-year-old Russian-born entrepreneur humiliated and outmaneuvered Russia’s state telecommunications regulator, Roskomnadzor.

https://www.washingtonpost.com/world/europe/russia-telegram-kremlin-pavel-durov/2020/06/27/4928ddd4-b161-11ea-98b5-279a6479a1e4_story.html


Brit plod's use of facial-recognition tech is lawful, no need to question us, cops' lawyer tells Court of Appeal

"Over the years," Beer told the Court of Appeal, there was "an average of 22 per cent" of false matches made by NEC Neoface. A total of 220 false matches were reduced down to 48 wrongful "interventions" by police, according to the force's own figures. He said: "It shows that for 80 per cent of cases over the three years, officers themselves making the match have been able to weed out the cases where the machine has incorrectly made a comparison and suggested that the person is worthy of speaking to."

https://www.theregister.com/2020/06/26/face_recog_tech_legal_home_office_police_tell_court_appeal/


In reversal, Zoom says all users will have access to end-to-end encryption

“Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature. We have also explored new technologies to enable us to offer E2EE to all tiers of users,” Yuan writes in a company blog.

https://www.cyberscoop.com/zoom-end-to-end-encryption-free-paid/


AI experts say research into algorithms that claim to predict criminality must end

“Let’s be clear: there is no way to develop a system that can predict or identify ‘criminality’ that is not racially biased — because the category of ‘criminality’ itself is racially biased,” write the group. “Research of this nature — and its accompanying claims to accuracy — rest on the assumption that data regarding criminal arrest and conviction can serve as reliable, neutral indicators of underlying criminal activity. Yet these records are far from neutral.”

https://www.theverge.com/2020/6/24/21301465/ai-machine-learning-racist-crime-prediction-coalition-critical-technology-springer-study


Union Pacific tracks cyber risk via its own probability modeling methodology

Union Pacific’s cyber risk framework is based primarily on the concept of preserving the availability of 26 key business processes that keep the business running and trains safely operating on schedule. These include dispatching trains, processing customer orders and procuring supplies. These processes are, in turn, supported by 36 critical applications and over 200 supporting infrastructure items.

https://www.scmagazine.com/infosec-world-2020/union-pacific-tracks-cyber-risk-via-its-own-probability-modeling-methodology/


Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

The now-taken-down Docker Hub account, named "azurenql," consisted of eight repositories hosting six malicious images capable of mining Monero, a privacy-focused cryptocurrency. The malware author behind the images used a Python script to trigger the cryptojacking operation and took advantage of network anonymizing tools such as ProxyChains and Tor to evade network detection. The coin mining code within the image then exploited the processing power of the infected systems to mine the blocks.

https://thehackernews.com/2020/06/cryptocurrency-docker-image.html


Twitter’s Covid Misinformation Filter Was So Broken It Became a Meme

Recently, conspiracy theories have been spreading the idea that 5G was causing coronavirus. On the platform, Twitter has been getting users to delete tweets that it believes may cause harm by advocating for unproven treatments or the destruction of 5G cell towers. From sometime before 5 AM until roughly noon, however, Twitter began tagging tweets that mentioned "oxygen" and "5G" with a warning: "Get the facts about COVID-19.”

https://www.vice.com/en_us/article/7kpkwe/twitters-covid-misinformation-filter-was-so-broken-it-became-a-meme


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.

CI Security

245 4th St, Suite 405  Bremerton, WA   98337