CI Security

IT Security News Blast – 12-13-2018

[VIDEO] NewsJacker November 2018: Midterm Elections, Healthcare Cybersecurity Programs, Data Privacy Trends, and More
November was an interesting month, no doubt. In my latest episode of NewsJacker, I cover headlines from this past month, including the midterm election, recent research on healthcare orgs lacking comprehensive cybersecurity programs, trends in data privacy, and more, all in 7 minutes. Check it out.
https://ci.security/news/article/video-newsjacker-november-2018-midterm-elections-healthcare-cybersecurity-programs-data-privacy

Securing and managing the enterprise Internet of Things
“The first step towards minimizing risk is to segment networks to reduce their exposure to the bad guys. I advocate for smart segmentation, i.e., do it in such a way you can observe their activity and behavior. This is often best achieved by using firewalls, so that the communications can be monitored and analyzed.” In the long run, better awareness and management is key to improve the security of IoT devices in the enterprise. “Companies should select vendors that care about security to ensure the lifecycle of exploits and patches can be closed, similar to how PCs and Macs are managed,” he adds.
https://www.helpnetsecurity.com/2018/12/12/secure-enterprise-iot/
 
Infamous Shamoon malware re-emerges
Chronicle discovered a file containing Shamoon uploaded to its VirusTotal database. VirusTotal runs free scans on files using major antivirus scanners. The antivirus companies, in return, get access to valuable samples of malware that get uploaded.
The new Shamoon was set to detonate on Dec. 7, 2017, at 11:51 pm, but only uploaded yesterday.
Chronicle notes that attackers may have set the attack date to the past — perhaps by changing 2018 to 2017 — in order to start an attack immediately.
Another possibility, said Brandon Levene, head of applied intelligence at Chronicle, is that the malware was compiled in the past as part of preparations for a later attack.
https://www.axios.com/infamous-shamoon-malware-re-emerges-14911c5b-11e0-4bea-8549-1dc8a6f93848.html
 
CISO’s Mission Resonates with Healthcare Peers
The vision of a standardized method to assess the risk management posture of third party suppliers to healthcare firms envisioned by the recently-formed Provider Third Party Risk Management Council is gaining momentum[.] Led by Governing Members consisting of prominent Chief Information Security Officers (CISOs) throughout the healthcare sector, the Council and its growing number of participants are adopting a consistent approach that addresses the issues affecting information security-related risks in their organization’s supply chain and safeguarding patient safety and information.
https://www.apnews.com/24bf8aa0780f464a82b2c2d4e90b2c2c
 
Malware Attack Hits University of Maryland Medical System
UMMS’ IT team proactively disabled several IT systems to prevent the malware from spreading and taking hold, officials told HealthITSecurity.com. By leaning on its “self-initiated IT service disruption” downtime procedures, the hospitals were able to maintain operations and ensure patient safety. [...] The cyberattack impacted about 250 of the system’s 27,000 devices, primarily desktop computers, officials told the Baltimore Sun. Those devices were quarantined.
https://healthitsecurity.com/news/malware-attack-hits-university-of-maryland-medical-system
 
Credit Card System Hack Led to HIPAA Breach Report
Payment-related security incidents qualify as reportable breaches under the HIPAA Breach Notification Rule because they involve the exposure of identifiers that are considered protected health information, notes privacy attorney Kirk Nahra of the law firm Wiley Rein. [...] Upon discovery of the incident, the hospital says it immediately notified its vendor and terminated credit card processing through the company. An investigation determined the inappropriate computer intrusion occurred between Sept. 22 and 29, the hospital says.
https://www.bankinfosecurity.com/credit-card-system-hack-led-to-hipaa-breach-report-a-11830
 
AccuDoc data incident highlights ‘growing calamity’ of third-party breaches
North Carolina-based Atrium, which operates more than 40 hospitals and 900 healthcare facilities in the US, said the breach was the result of attackers gaining unauthorized access to a patient database hosted by AccuDoc Solutions, a third-party provider of payment processing solutions. The incident hit regional headlines and was widely reported by specialist security and healthcare outlets. However, one aspect of the incident that was somewhat overlooked was the fact that this breach impacted not one, but two organizations.
https://portswigger.net/daily-swig/accudoc-data-incident-highlights-growing-calamity-of-third-party-breaches
 
Cyberattack sidelines Middle East servers of Italian energy contractor Saipem
Italian oil and gas industry contractor Saipem S.p.A. has reportedly confirmed that a Monday cyberattack impacted its servers and infrastructure in the Middle East as well as in Scotland. The specific nature of the attack has not yet been shared, but Saipem’s head of digital and innovation Mauro Piasere said that it originated from Chennai, India, according to Reuters. Roughly 400 servers were affected, a Bloomberg report added, with operations impacted in the United Arab Emirates, Saudi Arabia and Kuwait, as well as in Aberdeen, Scotland.
https://www.scmagazine.com/home/security-news/cyberattack-sidelines-middle-east-servers-of-italian-energy-contractor-saipem/
 
Cybersecurity’s C-suite dreams are made of these
Historically, the CISO has reported to the CIO in an organisation and this is often still the case today. Given that the CIO will have the best overall understanding of cybersecurity – and that the CISO is expected to secure IT systems and data under the umbrella of IT – it makes sense for this to be the case. It’s important to remember, however, that, because their agendas are so closely aligned, CIOs often have competing priorities that may affect the CISO’s cybersecurity agenda. For instance, when it comes to budget, the CIO may prioritise infrastructure and development over the CISO’s security priorities.
https://www.itproportal.com/features/cybersecuritys-c-suite-dreams-are-made-of-these/
 
Finally, a meaningful congressional report on stemming cybersecurity attacks
The Cybersecurity Strategy Report released on December 7 sidesteps the crises du jour by taking a bigger picture, practical and non-partisan view of what’s going wrong and how to fix things. It seeks to articulate how “traditional information technology (IT) strategies seem largely ineffective at stemming the growing tide of cybersecurity incidents.” “The priorities [in the report] are based in sound concepts and embrace proven approaches to improve cyber safety, security, and resilience[.]”
https://www.csoonline.com/article/3327242/security/finally-a-meaningful-congressional-report-on-stemming-cybersecurity-attacks.html
 
Is US military cloud safe from Russia? Fears over sensitive data
He says there are huge risks to storing such classified information on a public, commercially-held cloud run by just one company. "We have our nuclear codes, where our troops are going to be from one day to the next. If the cloud's security is breached, then our enemies could use our information against us. They could be waiting for us." The Pentagon had to explain to Congress why it was only offering the contract to a single company, with calls for a cloud of this size to be run by multiple service providers to spread the risk of security breaches.
https://www.bbc.com/news/world-us-canada-46489689
 
Why Microsoft is fighting to stop a cyber world war
Smith's answer is that governments should stand up for the protection of the civilians and civilian infrastructure, and safeguard the internet in general from cyber attacks. Indeed, over the last couple of years, Microsoft has been increasingly vocal about its concerns that cyber attacks are spilling over and affecting businesses and consumers. [...] It asks, among other things, that states do not target tech companies, the private sector or critical infrastructure with cyber attacks, that they should report vulnerabilities to vendors rather than stockpile them, that they make sure that cyberweapons are limited and precise in their effect, and to commit to non-proliferation of such weapons.
https://www.zdnet.com/article/why-microsoft-is-fighting-to-stop-a-cyber-world-war/
 
Trump administration makes big push against Chinese hackers
In addition to the indictments over digital breaches, which The Wall Street Journal and POLITICO reported last week, “the administration is planning to declassify intelligence relating to the breaches, which date to 2014, and to sanction some of those believed responsible,” the Post said on Tuesday. It also reported that the indictments will charge hackers linked to China’s Ministry of State Security, which U.S. officials say has picked up the slack from military operators who backed off following China’s 2015 promise to cease IP theft.
https://www.politico.com/newsletters/morning-cybersecurity/2018/12/12/trump-administration-makes-big-push-against-chinese-hackers-453619
 
Automatically finding new cybersecurity threats with Open Source Intelligence
These challenges can be addressed by exploiting the recent advances in machine learning for extracting information from big data. The H2020 DiSIEM project is devising a set of tools and services capable of solving these problems. The objective is to extract Indicators of Compromise (IoCs) from OSINT and feed this information as events to security information and event management (SIEM) systems and threat intelligence tools, allowing externally-collected information to be correlated with internal events obtained from the organisation infrastructure.
https://www.openaccessgovernment.org/finding-cybersecurity-threats-with-open-source-intelligence/55608/
 
Google must sway Congress on regulations or tech will face 'direct threat,' says cybersecurity expert
Google could run into problems with privacy policies if Congress is more receptive to consumer advocates than to the company's views on regulations, former Facebook privacy and public policy advisor Dipayan Ghosh told CNBC on Tuesday. "If things do go in that direction, then I think the business model underlying Google, and companies like Google, will be under a more direct threat," he said on "Closing Bell."
https://www.cnbc.com/2018/12/11/google-must-sway-congress-on-privacy-or-face-threat-cyber-expert.html
 
Was your phone imaged by border agents? They may still have the data
According to a new 24-page document released Tuesday by DHS’ Office of Inspector General, investigators found that some USB sticks, containing data copied from electronic devices searched at the border, "had not been deleted after the searches were completed." Investigators checked an unspecified number of drives across five ports of entry around the country. "Based on our physical inspection, as well as the lack of a written policy, it appears [Customs and Border Protection’s Office of Field Operations] has not universally implemented the requirement to delete copied information, increasing the risk of unauthorized disclosure of travelers’ data should thumb drives be lost or stolen," the OIG wrote. Border searches of such devices have been on the rise since 2016, with no discernible explanation as to why.
https://arstechnica.com/tech-policy/2018/12/was-your-phone-imaged-by-border-agents-they-may-still-have-the-data/
 
Britain approved £2.5m of snooping kit exports to thoroughly snuggly regime in Saudi Arabia
Politics Home also reported that "previous UK exports of spy tech have included controversial IMSI Catchers", which are used to precisely identify who is in a given location by exploiting mobile phone telecoms specs to make handsets give up their unique IMSI numbers to a fake base station operated by state agents. Such equipment has obvious uses in a tightly-controlled country ruled by theocrats.
https://www.theregister.co.uk/2018/12/12/britain_2_5m_spytech_exports_saudi_arabia/
 
Data Privacy Disruption In The U.S.
AT&T, Google, Amazon, Twitter and Apple recently testified in Senate hearings in favor of a unified privacy and data security law covering consumer personal data. They each offered their own frameworks -- a simplified version of GDPR -- but there is agreement on some ideas: calling for a standard definition of personal information, letting consumers access and correct their personal data (deleting information as needed) and setting basic data security standards.
https://www.forbes.com/sites/forbestechcouncil/2018/12/12/data-privacy-disruption-in-the-u-s/#13c52ba115cc
 
Researchers find over 40,000 stolen logins for government portals
Russian cybersecurity firm Group-IB discovered login credentials for over 40,000 accounts that unlock government services in more than 30 countries. The credentials were harvested via phishing attacks that distributed spyware tools such as Pony Formgrabber, AZORult, and Qbot. It is believed the logins may have already been sold on underground hacking forums. As the researchers pointed out, “Even one compromised government employee’s account can lead to the theft of commercial or state secrets.”
https://www.csoonline.com/article/3327209/security/researchers-find-over-40000-stolen-logins-for-government-portals.html
 
Nasty Android malware found stealing its victims’ PayPal funds
The malware was first discovered in November 2018, and seems to be a combination of the functioning of a remotely controlled banking Trojan. It has a unique capability of exploiting Android Accessibility services using which it manages to target the official PayPal app. It hides in a battery optimization tool called Optimization Android and third-party apps stores as well as some apps on the Play Store are responsible for distributing it.
https://www.hackread.com/android-malware-steals-paypal-funds-of-victims/
 
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being actively exploited in the wild by multiple hacking groups, including FruityArmor and SandCat APTs. Discovered and reported by security researchers at Kaspersky, the zero-day attack exploits an elevation-of-privilege (EoP) bug in the Windows Kernel (ntoskrnl.exe) that could allow malicious programs to execute arbitrary code with higher privileges on the targeted systems.
https://thehackernews.com/2018/12/microsoft-patch-updates.html
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2018 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337