CI Security

IT Security News Blast – 10-15-2019

[EVENT] “MDS Second Annual Cybersecurity Conference” in New York City on Oct. 30
The CI Security team is proud to sponsor the upcoming MDS Cybersecurity Conference in NYC. This event will highlight current threats, trends, and new cybersecurity technologies that every business should know about. Join us for a half-day of panels and exhibition to meet with industry leaders and partners of MDS. Register today!
https://www.eventbrite.com/e/mds-second-annual-cybersecurity-conference-tickets-72976385333
 
Culture Change, Processes Crucial for Effective Risk Management
What's been more prevalent is our third parties have been impacted. And we do rely on our third parties for various parts of our business. And when those get impacted, then we do feel the pain. The principal agent problem, that’s what’s missing. It’s an issue where, say you’re my agent and you’re acting on my behalf. We want to set up the relationship as such that when I win, you win, and when I lose, you lose. So now we’re going to be aligned. What’s going to hurt me would also hurt you. It’s a shared view of risk.
https://healthitsecurity.com/news/culture-change-processes-crucial-for-effective-risk-management
 
Outdated Medical Devices Receive Warning by FDA on Vulnerability to Cyber Hackers
The FDA is currently cooperating with “various stakeholders and subject matter experts to obtain a better understanding” of the risks and pointing out which medical devices are vulnerable to cyber hacks. “However, due to the complexities in how the code from the IPnet third party software component was incorporated into various medical devices and the availability of the exact operating system versions impacted, it will be difficult to develop a comprehensive list of affected devices[.]”
https://www.financialbuzz.com/outdated-medical-devices-receive-warning-by-fda-on-vulnerability-to-cyber-hackers/
 
5 things security executives need to know about insider threat
1. Don’t underestimate the business threats that stem from within
2. Disengaged employees are usually grown, not hired
3. Disengaged employees exhibit warning signs
4. Continuous evaluation enables leaders to compliantly see employee risk indicators
5. Early and ongoing discovery enables leaders to intervene before behaviors escalate
https://www.helpnetsecurity.com/2019/10/14/insider-threat-essentials/
 
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
What companies don't understand is that it takes a village to launch a good attack, and cybercriminals have sophisticated and connected networks that give them easy access to a host of compromised credentials from various disconnected attacks. When combined, fraudsters have a significant amount of customer data at their fingertips — from financial and bankruptcy status to Social Security numbers to even beauty preferences and consumer biometrics, as exposed in the Sephora and Suprema breaches. Criminals have unprecedented levels of insight into customers, which can be weaponized for future cyberattacks.
https://www.darkreading.com/attacks-breaches/the-connected-cybercrime-ecosystem-and-the-impact-of-the-capital-one-breach/a/d-id/1336006
 
Trucking Industry Ranks Fifth Among Businesses For Cyber Threats
"The transportation sector was the second-most targeted industry in 2018," she said during a panel discussion at the American Trucking Association's Management Conference & Exhibition on October 6. The number of potentially suspicious events swelled from 800,000 in 2015 to 800 million in 2018. [...] "Ransomware is very often the last piece," Reynolds said. "Many times, they will crawl through your financial system to see how much you can afford."
https://finance.yahoo.com/news/trucking-industry-ranks-fifth-among-152620836.html
 
Russia cyber aggression fuels tensions with west
UK authorities last year exposed “a campaign by the GRU . . . of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport”, affecting a large number of countries, including Russia, according to the Foreign Office and the NCSC.  Mike Beck, global head of threat analysis at cyber group Darktrace, says Russia’s cyber policy has switched, from information gathering to offensives and disrupting important industries.
https://www.ft.com/content/0aa7a6e0-ca52-11e9-af46-b09e8bfe60c0
 
Cyber War Between Iran and United States Could Have Far-Reaching Implications
Oil from the Middle East is the lifeblood of the world’s economy, and the U.S. has been careful to avoid chaos in the region. Which brings us to where we are today: on the threshold of a major new cyber war between two heavily armed powers with plenty of offensive cyber strike capabilities on both sides. The only question, really, is which targets the U.S. plans to hit next. The Iranian oil ministry, for example, has said that cyber retaliation would likely come against Iranian oil targets, and warned that the nation’s oil industry should be on “high alert” for U.S. cyber attacks.
https://www.cpomagazine.com/cyber-security/cyber-war-between-iran-and-united-states-could-have-far-reaching-implications/
 
NATO Allies Need to Come to Terms With Offensive Cyber Operations
Allies do not agree on the appropriate procedures and boundaries for offensive cyber operations. More specifically, there is no agreement on when military cyber organizations can gain access to systems and networks in allied territory to disrupt adversarial activity. As I have argued previously, this issue may end up causing significant loss in allies’ trust and confidence. My proposed solution: NATO allies should establish memoranda of understanding on offensive cyber effects operations in systems or networks based in allied territory.
https://www.lawfareblog.com/nato-allies-need-come-terms-offensive-cyber-operations
 
Does cyber security cross the line when crossing borders?
Such efforts, which are gaining ground across the world, stretch from social media screening for visa applications to biometric recognition in airport security and border control, according to Mana Azarmi, policy counsel at the Center for Democracy and Technology.  Screening travellers based on their social media accounts “jeopardises free speech and freedom of association . . . and can be incredibly chilling of free speech and academic freedom”, says the digital rights non-profit adviser.
https://www.ft.com/content/7c4cf402-ca53-11e9-af46-b09e8bfe60c0
 
Building China's Comac C919 airplane involved a lot of hacking, report says
A Crowdstrike report published today shows how this coordinated multi-year hacking campaign systematically went after the foreign companies that supplied components for the C919 airplane. [...] Crowdstrike claims that the Ministry of State Security (MSS) tasked the Jiangsu Bureau (MSS JSSD) to carry out these attacks. The Jiangsu Bureau, in turn, tasked two lead officers to coordinate these efforts. One was in charge of the actual hacking team, while the second was tasked with recruiting insiders working at aviation and aerospace companies.
https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/
 
China Slams 800M+ Internet Users With Facial Recognition Monitoring To Get Online
This latest dystopian use of facial recognition in China itself pushes the technology into a frightening place. As the West ties itself up in knots over this “Big Brother” tech for tame use cases by comparison, the real front line against dystopian surveillance is in the East and not difficult to find. The technology promises to make enforcement of “real name” registration much harder to avoid or defraud. MIIT has been on a mission to make this work since 2010, this time they may finally crack it.
https://www.forbes.com/sites/zakdoffman/2019/10/12/facial-recognition-will-restrict-mobile-internet-use-for-800m-peoplefrom-december/#255735197d2a
 
California Attorney General Outlines How State Will Enforce Upcoming Privacy Law
GDPR applies to all firms handling EU residents' personal data; CCPA is limited to companies with gross annual revenues in excess of $25 million, that handle the personal data of more than 50,000 consumers, or derive more than 50% of annual revenue from selling consumers' personal information. [...] Thus, if the Cambridge Analytica incident had occurred under GDPR, Facebook could potentially have faced a fine of up to $1.6 billion. Under CCPA, the theoretically maximum potential fine could have been 87 million times $7,500 -- or more than $50 billion.
https://www.securityweek.com/california-attorney-general-outlines-how-state-will-enforce-upcoming-privacy-law
 
Delete These Android Adware Apps Hiding on Your Phone
If you have any of these 15 sneaky apps on your Android device, it’s time to go on a digital hunt and delete them. According to Sophos, these adware apps are doing everything they can to hide themselves on your device and inject crappy advertising into everything you do—and more than 1.3 million devices worldwide have at least one of these apps installed.
https://lifehacker.com/delete-these-android-adware-apps-that-try-to-hide-on-yo-1839027549
 
Microsoft Defender 'Tamper Protection' reaches general availability
According to Microsoft, with Tamper Protection, malicious apps won't be able to:

  • Disable virus and threat protection
  • Disable real-time protection
  • Turn off behavior monitoring
  • Disable Defender's antivirus components (such as IOfficeAntivirus (IOAV))
  • Disable cloud-delivered protection
  • Remove security intelligence updates

https://www.zdnet.com/article/microsoft-defender-tamper-protection-reaches-general-availability/
 
Nix to the mix: Chrome to block passive HTTP content swirled into HTTPS pages
Chrome 79, which will be fully released in December, will move the setting to unblock mixed content to Site Settings, in place of the current shield icon. Chrome 80, set for early release in January 2020 and full release around seven weeks later, will auto-upgrade HTTP links for video and audio to HTTPS – and block them if they do not load. Images will still load but will cause a "Not secure" tag to appear in the address bar. Chrome 81, set for early release in February 2020, will extend this to images.
https://www.theregister.co.uk/2019/10/08/google_chrome_will_block_http_content_mixed_into_https_pages/
 
Stratfor hacker Hammond held in contempt for refusing to answer grand jury questions
“I never agreed to be debriefed or testify in any way, unlike the government’s informant Hector Monsegur, aka Sabu,” who only received a year of probation. “In my case, the government, through its informant, Sabu, instigated numerous hacks, asking me to break into governments and companies all over the world,” Hammond said. “Nearly a decade later, this misconduct remains ignored. The NSA continues to surveil everyone and launch cyberattacks” while “Chelsea Manning and I are doing hard time in this dump for the “crime” of refusing to allow our spirits to break, after ‘serving’ our sentences for exposing government and corporate corruption.”
https://www.scmagazine.com/home/security-news/stratfor-hacker-hammond-in-contempt-for-refusing-to-answer-grand-jury-questions/
 
Imperva cloud firewall pwned, D-Link bug uncovered – plus more
Security house Imperva says that back in October of 2018 an attacker got hold of an API that was then used to access an AWS database containing customer emails along with hashed and salted passwords. [...] Fortinet has issued a warning over new security vulnerabilities in D-Link routers that can be exploited to hijack this equipment. The command-injection flaw is present in the DIR-655, DIR-866L, DIR-652, and DHP-1565 lines. Unfortunately for users, these devices are end-of-life, so there won't be any firmware updates coming.
https://www.theregister.co.uk/2019/10/14/infosec_roundup/
 
Pitney Bowes hit by cyber-attack
Disruption extended to customers using fulfillment, delivery and returns services in the global e-commerce division and those using presort services. Several customers said on Twitter Monday that their shipping-and-mailing meters were not working. “Pitney Bowes got hacked, and our postage meter is being held hostage,” Andrea Dembo tweeted at about 7 a.m.
https://www.stamfordadvocate.com/business/article/Pitney-Bowes-hit-by-cyber-attack-14519978.php



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.
