Wednesday, July 22, 2015

FTC Alert: Are you following the “leads”?

From the Federal Trade Commission:

Are you following the “leads”?

Ever complete an online application to get the best rate on a loan? Or enter your email address on a website to learn more about colleges you’d like to attend? Getting products and information this way can be convenient and very fast. But the information you share may go through the hands of middlemen you may not know exist.

It's official: The average DDoS attack size is increasing

From Help Net Security:

It's official: The average DDoS attack size is increasing

New global DDoS attack data from Arbor Networks shows strong growth in the average size of DDoS attacks, from both a bits-per-second and packets-per-second perspective.

Healthcare Hacker Attacks: The Impact

From Data Breach Today:

Healthcare Hacker Attacks: The Impact

The recent string of major hacker attacks in the healthcare sector, including the cyber-attack on UCLA Health, calls attention to the urgent need for organizations to step up their security programs.

Security experts say healthcare organizations need to carefully reassess their risks and then take appropriate security measures, which, in many cases, will include implementing multifactor authentication; improving breach monitoring and detection; and ramping up staff security education, among other steps.

600TB of data exposed due to misconfigured MongoDB instances

From Help Net Security:

600TB of data exposed due to misconfigured MongoDB instances

Shodan, the search engine that lets users find devices connected to the Internet, can be used for a number of different things. As its creator, John Matherly, pointed out, it's a means to measure things that couldn't be measured before, and gain new and very much needed insights.

The latest of these is that there are nearly 30,000 instances of MongoDB on the Internet that don't have any authorization enabled, i.e. are easily accessible to unauthorized users.
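The exposure described above is what an unauthenticated mongod listening on every interface looks like from the outside. As an added example (not from the Help Net Security article, Shodan or the MongoDB project), here is a mongod.conf in MongoDB's YAML format with the weak configuration shown in comments beside a hardened one; the option names are MongoDB's own, the IP addresses are constructed placeholders.

```yaml
# Added example: weak vs. hardened mongod.conf (YAML format).
#
# Weak: listens on all interfaces and has no "security" section, so
# authorization defaults to disabled and anyone who can reach the port
# can read and write every database.
#
# net:
#   port: 27017
#   bindIp: 0.0.0.0
#
# Hardened: bind only to loopback plus the application network address,
# and require every client to authenticate before any operation.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # constructed: loopback plus the app server's address
security:
  authorization: enabled       # role-based access control is enforced
```

Before restarting with `authorization: enabled`, create an administrative user through the localhost exception (`db.createUser()` in the mongo shell on the admin database); otherwise no one, including the operator, can log in. A host firewall rule that allows 27017 only from the application hosts is a second, independent control worth keeping even after the bind address is narrowed.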

Report: Spammers Hacked JPMorgan Chase

From Data Breach Today:

Report: Spammers Hacked JPMorgan Chase

The Manhattan U.S. Attorney's office has charged three men with running a pump-and-dump stock scheme that blasted out millions of spam emails per day to artificially "pump" up the price of penny stocks they owned, before the defendants allegedly "dumped" their stocks, making at least $2.8 million in profits. The scheme was reportedly also tied to hack attacks against financial services heavyweights JPMorgan Chase, Fidelity Investments and E*Trade Financial.

Separately, authorities also announced that two men have been arrested in Florida on charges that they ran an unlicensed online Bitcoin exchange that was used in part by cybercriminals based in the United States, Russia and beyond.

Passwords are not treated as critical to security

From Help Net Security:

Passwords are not treated as critical to security

Considering the cyber world we live in, it’s time to ask whether passwords can still be considered a reliable security component – and if so, how should they be used? Look no further than Major League Baseball (MLB) where the St. Louis Cardinals allegedly hacked into the database of rival team the Houston Astros. Law enforcement officials believe the Cardinals were able to easily access the Astros’ database by using a master list of passwords that was created by Jeff Luhnow, and continued to be used after Luhnow left his position with the Cardinals to become general manager of the Astros in 2011.

Patch your Chrysler vehicle before hackers kill you

This is a follow-up to a piece I posted earlier today. Details on a patch released by Chrysler can be found in the article.

From Fox News:

Patch your Chrysler vehicle before hackers kill you

Fiat Chrysler last week quietly issued a software patch for critical security vulnerabilities related to its Uconnect vehicle-connectivity system. The vulnerabilities were dramatically detailed in a Wired story that was posted Tuesday.

In the Wired piece, two "white hat" hackers remotely connected to a Jeep Cherokee as a reporter drove it down a Missouri freeway. They made the radio blast at full volume and turned on the windshield wipers, but also cut off the transmission as a truck approached and, later, disconnected the brakes, sending the Cherokee into a ditch.

FTC Charges LifeLock with Deception

From Data Breach Today:

FTC Charges LifeLock with Deception

The Federal Trade Commission says LifeLock has violated a 2010 settlement with the commission and 35 state attorneys general by continuing to make deceptive claims about its identity theft protection services and by failing to take steps to protect users' data.

After the FTC made the announcement on July 21, LifeLock's stock plummeted, dropping nearly 50 percent by the close of trading on the New York Stock Exchange. LifeLock markets a variety of identity theft protection and data breach alert services to consumers and risk management services to governments and businesses.

Hacking Team's RCS Android: The most sophisticated Android malware ever exposed

From Help Net Security:

Hacking Team's RCS Android: The most sophisticated Android malware ever exposed

As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware, and what capabilities other organized and commercial malware authors will soon be equipping their malicious wares with.

After having revealed one of the ways that the company used to deliver its spyware on Android devices (fake app hosted on Google Play), Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android).

FTC Alert: It’s NOT the FTC calling about the OPM breach

From the Federal Trade Commission:

It’s NOT the FTC calling about the OPM breach

If you’re an OPM data breach victim, you probably know to look out for identity theft. But what about imposter scams? In the latest twist, imposters are pretending to be the FTC offering money to OPM data breach victims.

Here’s how it works: A man calls and says he’s from the FTC and has money for you because you were an OPM data breach victim. All you need to do is give him some information.

Facebook can't say 'No' to New York, says New York

From Sophos Naked Security:

Facebook can't say 'No' to New York, says New York

Here's the story so far.

Back in 2013, New York (the state, not just the city) decided to take on a bunch of public servants it said were fraudsters.

The state alleged that close to 400 employees, including police officers, were benefits cheats, claiming illnesses and disabilities they didn't have.

FBI again thwarts Tor to unmask visitors to a Dark Web child sex abuse site

I'm all for privacy & anonymity on the Internet, but this is definitely a huge score for the good guys. Way to go!

From Sophos Naked Security:

FBI again thwarts Tor to unmask visitors to a Dark Web child sex abuse site

The FBI has once again launched its harpoons into the Deep Web, piercing the anonymizing layers of Tor to drag out the identities of two New York men who were indicted earlier this month on charges of possessing child abuse images.

The FBI doesn't reveal how it bypasses Tor to track down the true IP addresses it's designed to obscure.

US-CERT Alert: Google Releases Security Update for Chrome

From US-CERT:

Google Releases Security Update for Chrome

Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

Hardware encryption market revenue to reach $36.4 billion by end of 2015

From Help Net Security:

Hardware encryption market revenue to reach $36.4 billion by end of 2015

There are a variety of ways to secure data, either on the perimeter or within the LAN, but the most fundamental method in a defense-in-depth model is hardware encryption. The advantage of hardware-based solutions is that they bypass many of the typical drawbacks of software-based solutions like performance degradation or vulnerability to attacks aimed at the encryption key stored in memory.

Because encryption is available at drive-level, this solution is not dependent on any software or operating system used, and usually cannot be turned off by users.

Watch hackers remotely immobilize a car while it's traveling on a highway

From Network World:

Watch hackers remotely immobilize a car while it's traveling on a highway

Two hackers were able to remotely disable the transmission of a Jeep Cherokee while a Wired journalist was driving it at about 70 miles per hour on a highway.

How to apply threat intelligence feeds to remediate threats

From Help Net Security:

How to apply threat intelligence feeds to remediate threats

IT organizations are recognizing the value of threat intelligence feeds, and that’s good. Threat intelligence is a must-have for identifying malware and other threats that evade preventive security controls. But threat intelligence is only as good as how you apply it – and many organizations aren’t applying it in a way that enables them to get the full value.

The increasing number of threat intelligence companies is indicative of a growing market and proof that companies want threat intelligence. In a survey conducted by SANS, 75% of respondents said they find cyber threat intelligence important to security. Sixty-nine percent of respondents reported implementing threat intelligence in their IT environment.

Confessions of a Professional Cyber Stalker

From Tripwire's State of Security blog:

Confessions of a Professional Cyber Stalker

I am honored to be presenting at DEF CON 23 this August in Las Vegas where I will be presenting a session titled “Confessions of a Professional Cyber Stalker.” In my talk, I will be discussing various technologies and methods I developed and used to track criminals leading to at least two dozen convictions.

Many times in the process of recovering stolen devices, larger crimes would be uncovered, including drugs, theft rings, stolen cars, even a violent carjacking. Much of the evidence in these cases would be collected by the stolen devices themselves, such as network information and photos captured from laptops and cell phones, but oftentimes there was additional data that would need to be gathered for a conviction.

How gamers can help improve critical software security

From Help Net Security:

How gamers can help improve critical software security

There's now a game where sophisticated gamers can help improve security of the country’s critical software.

MiniDionis: Where a Voicemail Can Lead to a Malware Attack

From Tripwire's State of Security blog:

MiniDionis: Where a Voicemail Can Lead to a Malware Attack

For just over a week, government departments, research institutes and other high-value targets have been on the sharp end of a sophisticated attack, where fake voicemails are being used to create a diversion while malware infects computer systems.

As security researchers at Palo Alto Networks’s Unit 42 division detail, it is believed the attack is being perpetrated by the same gang responsible for other malware campaigns including CrazyDuke, Seaduke, CozyDuke, MiniDuke, OnionDuke and CosmicDuke, all of which have deployed targeted attacks against governments in recent years.

Free tools for detecting Hacking Team malware in your systems

From Help Net Security:

Free tools for detecting Hacking Team malware in your systems

Worried that you might have been targeted with Hacking Team spyware, but don't know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system.

It does so by looking for files associated with the recent Hacking Team breach. The tool is still in beta, and currently searches the system for 40 Windows executable and library files. The list is expected to expand as the company's researchers continue to review the leaked Hacking Team data.

The IoT Convergence: How IT and OT Can Work Together to Secure the Internet of Things

From Tripwire's State of Security blog:

The IoT Convergence: How IT and OT Can Work Together to Secure the Internet of Things

In the past, information technology (IT) and operational technology (OT) were seen as two distinct domains of a business. The former focused on all technologies that were necessary to manage the processing of information, whereas the latter supported the devices, sensors and software that were necessary for physical value creation and manufacturing processes.

Proposed Wassenaar pact changes will harm cyber defenders instead of attackers

From Help Net Security:

Proposed Wassenaar pact changes will harm cyber defenders instead of attackers

The comment period for the proposed amendments to the Wassenaar Arrangement regarding "cybersecurity items" has ended, and the overwhelming majority of the 150+ comments submitted are negative.

As a reminder: the Wassenaar Arrangement includes 41 participating states, and was established to help promote transparency and responsibility in transfers of conventional arms and dual-use goods and technologies.

Microsoft issues critical out-of-band patch for flaw affecting all Windows versions

From Network World:

Microsoft issues critical out-of-band patch for flaw affecting all Windows versions

Happy Monday, IT folks. Ready to patch and then restart your machines? I hope so as Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected. It's being exploited in the wild and Microsoft admitted some of its customers could be attacked. It's not every day Microsoft releases an out-of-band patch, so when it does so instead of deploying the fix on Patch Tuesday, then it means patch now.

Cyveillance Weekly Cyber Security Trends Report – July 21, 2015

From the Cyveillance blog:

Cyveillance Weekly Cyber Security Trends Report – July 21, 2015

Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

2015 National Preparedness Month (NPM)

All security begins in the physical world. If an attacker can obtain physical access to your servers you're finished. At that point all you can do is hope & pray you have adequate disaster recovery (DR) and business continuity (BC) plans in place.

The same principle applies to natural disasters, which is why I'm adding this to my blog. September is National Preparedness Month (NPM). Does your SOHO/SMB have DR & BC plans in place? How would your business survive a catastrophic event? Do you use a cloud backup service (e.g. Mozy, iDrive or Carbonite - NOTE: this is NOT an endorsement of these products in any way, shape or form; they are offered for educational purposes only)?

If an event like a fire, earthquake or flood destroys your organization's office, or offices, are your critical servers physically located there? What would happen to your SOHO/SMB if they are destroyed by the event? If the hardware is hosted in a data center, what would happen to your business if that hosting company suffered a catastrophic event? What would happen to you if the hosting company filed for bankruptcy?

These are just some of the things decision makers in your business need to plan for.

BE PREPARED!

From Ready.gov:

2015 National Preparedness Month (NPM)

September is National Preparedness Month. This year we are asking you to take action now – make a plan with your community, your family, and for your pets. Plan how to stay safe and communicate during the disasters that can affect your community. We ask everyone to participate in America’s PrepareAthon! and the national day of action, National PrepareAthon! Day, which culminates National Preparedness Month on September 30.


Tuesday, July 21, 2015

The psychic, the witch and San Francisco - IT security goes spiritual

From Sophos Naked Security:

The psychic, the witch and San Francisco - IT security goes spiritual

If there's something strange going on with your computer, who you gonna call?

Conventional wisdom would suggest the tech support department, but in San Francisco, convention isn't what it used to be.

Burglary suspect accidentally takes his own iPhone selfie video

From Sophos Naked Security:

Burglary suspect accidentally takes his own iPhone selfie video

Here's how his acting career began: First, he slipped in through an unlocked side door early on a Saturday morning.

Then, the burglary suspect spotted an iPhone and grabbed it.

Beyond the breaches: Understanding the Angler exploit kit

From Sophos Naked Security:

Beyond the breaches: Understanding the Angler exploit kit

The big security news stories these days are often about "this big breach", "that sneaky malware" or "these latest new exploits".

You can see why: many attacks involve some or all of these components.

For example, you can imagine the Target crooks at work, spending time figuring out the right trick to get in, breaching the perimeter, mapping the network, preparing their RAM-scraping malware, and then launching their attack over several weeks.

Hackers - New Generation of Cyber Weapons

Very good video. It runs just under an hour so make sure you have time.

Hackers - New Generation of Cyber Weapons

Cyveillance Phishing Report: Top Targets – July 20, 2015

From the Cyveillance Blog:

Cyveillance Phishing Report: Top Targets – July 20, 2015

Firm stops selling exploits after delivering Flash 0-day to Hacking Team

From ars technica:

Firm stops selling exploits after delivering Flash 0-day to Hacking Team

Security firm Netragard has suspended its exploit acquisition program two weeks after it was found selling a potent piece of attackware to the Italian malware developer Hacking Team.

Netragard has long insisted that it sold exploits only to ethical people, companies, and governments. An e-mail sent in March and leaked by one or more people who compromised Hacking Team networks, however, showed Netragard CEO Adriel Desautels arranging the sale of an exploit that worked against fully patched versions of Adobe's Flash media player. Hacking Team in turn has sold surveillance and exploit software to a variety of repressive governments, including Egypt, Sudan, and Ethiopia.

Hacking Team: police investigate employees over inside job claims

From The Guardian:

Hacking Team: police investigate employees over inside job claims

Italian police are investigating whether the attack on cyber-espionage firm Hacking Team, which exposed its dealings with repressive regimes and flaws in user software, could have been an inside job.

Investigative sources told Reuters they were considering the possibility that six former employees could be responsible for the attack on the company, which saw 400GB of private data dumped on the internet.

Internal emails reveal Hacking Team is working on a weaponized spying drone

From Security Affairs:

Internal emails reveal Hacking Team is working on a weaponized spying drone

Experts who are analyzing the Hacking Team internal emails discovered that the firm is working on the development of a weaponized drone.

Security experts are continuing to dig into the leaked internal emails from Hacking Team; the latest revelation is related to the development of an unmanned aerial vehicle with the ability to run cyber attacks on computers and mobile devices through Wi-Fi networks.

Phishing campaigns target US government agencies exploiting Hacking Team flaw CVE-2015-5119

From Security Affairs:

Phishing campaigns target US government agencies exploiting Hacking Team flaw CVE-2015-5119

A recent FBI memo warns that phishing attacks have targeted government agencies, trying to exploit the CVE-2015-5119 vulnerability linked to the Hacking Team data breach.

According to an FBI warning, hackers have targeted US Government agencies using a recently patched Adobe Flash vulnerability (CVE-2015-5119). The Adobe Flash vulnerability was one of the flaws discovered by analyzing the 400Gb archive stolen from the Hacking Team and leaked online by the hackers.

New Survey Reveals Critical Infrastructure Cybersecurity Challenges

From Market Watch:

New Survey Reveals Critical Infrastructure Cybersecurity Challenges

Aspen Institute, Intel Security Critical Infrastructure Survey Shows 86% of Respondents Want More Public-Private Cooperation; Of Those who Experienced Cyberattacks, 59% Reported Physical Damage

ASPEN, Colo., Jul 20, 2015 (BUSINESS WIRE) -- Information technology (IT) executives within critical infrastructure organizations see a need for public-private threat intelligence sharing partnerships (86% of respondents) to keep pace with escalating cybersecurity threats, according to a survey released today by The Aspen Institute and Intel Security. A majority (76%) of survey respondents also indicated they believe a national defense force should respond when a cyber attack damages a critical infrastructure company within national borders. Additionally, although most respondents agree that threats to their organizations are on the rise, they maintain a high degree of confidence in existing security.

Lack of digital talent adds to cybersecurity problems

From The Washington Post:

Lack of digital talent adds to cybersecurity problems

A big problem exposed by a massive data breach at the Office of Personnel Management (OPM) is the woeful state of the federal government’s cybersecurity. It’s not comforting when the Obama administration’s chief information officer says Uncle Sam’s information technology needs bubble wrap and Band-Aids to help counter cyberattacks.

Silicon Valley wary of U.S. push for cyber security info sharing

Account required to read the entire article.

From Network World:

Silicon Valley wary of U.S. push for cyber security info sharing

The Obama administration negotiated an historic nuclear deal with Iran and reached an agreement to normalize relations with Cuba. Now comes the hard part – winning over Silicon Valley when it comes to sharing cyber security information.

In the wake of so many well-publicized security breaches in both the private and public sectors, the U.S. government is stepping up its efforts to build bridges with the tech community.

Incidents at Federal Government Agencies increased more than 1,000 percent since 2006

No big surprise here.

From Security Affairs:

Incidents at Federal Government Agencies increased more than 1,000 percent since 2006

According to a report submitted as testimony by Greg Wilshusen, director of information security issues at GAO, in a recent congressional hearing, cybersecurity incidents that involved the federal government have increased more than 1,000 percent since 2006.

The document reports that in fiscal year 2014, federal agencies suffered 67,168 cyber security incidents that exposed personally identifiable information (PII), whereas the number of incidents in 2006 was just 5,503 (+1,121%).

Monday, July 20, 2015

South Korea Intelligence Official Dead in Hacking Scandal

From Security Week:

South Korea Intelligence Official Dead in Hacking Scandal

A South Korean intelligence official has been found dead in an apparent suicide amid a growing political scandal over a covert hacking program used by the country's spy agency, police said Sunday.

The 45-year-old from the National Intelligence Service (NIS) was discovered dead in his car Saturday on a mountain road in Yongin, about 40 kilometers (25 miles) south of Seoul.

Adultery Website Ashley Madison Hacked in Shutdown Bid

From Security Week:

Adultery Website Ashley Madison Hacked in Shutdown Bid

Hackers breached the online adultery website Ashley Madison and threatened to expose data on users in an effort to shut down the service which claims millions of members worldwide.

Avid Life Media, which owns Ashley Madison, said in a statement Monday an "unauthorized party" was able to gain access to the data through various unauthorized points on the website.

Attacks on Critical Infrastructure Organizations Resulted in Physical Damage: Survey

From Security Week:

Attacks on Critical Infrastructure Organizations Resulted in Physical Damage: Survey

A total of 625 IT decision makers from public and private critical infrastructure organizations in the United States, France, Germany and the United Kingdom took part in a survey conducted by Vanson Bourne.

The survey has found that while critical infrastructure security experts agree that attack volume, number of breaches, and the rate of vulnerable code are increasing, many of the respondents stated that their own organizations have become less vulnerable. Only 27 percent of respondents said they feel very or extremely vulnerable today. In comparison, 50 percent of them stated that they felt this way three years ago.

More Retailers Hit by New Third-Party Breach?

From Data Breach Today:

More Retailers Hit by New Third-Party Breach?

CVS, Rite-Aid, Sam's Club, Walmart Canada and other large retail chains have suspended their online photo services following a suspected hack attack against a third-party service provider that may, in some cases, have resulted in the compromise of payment card data.

The suspected breach centers on PNI Digital Media Inc., a Vancouver-based firm that manages and hosts online photo services for numerous retailers. The incident serves as a reminder of the security challenges that organizations face when it comes to managing their third-party vendors and entrusting them with sensitive customer information.

The NYSE system crash was an infosec incident

From Help Net Security:

The NYSE system crash was an infosec incident

On Wednesday, July 8, a number of information systems suffered “glitches,” causing speculation that the US may be under a coordinated cyber attack. In the morning, United Airlines grounded more than a thousand flights due to computer issues; around noon, the New York Stock Exchange (NYSE) suspended trading due to a “technical issue;” shortly after, the Wall Street Journal’s (WSJ) website went down; and during all this, the New York subway had train issues, and thousands of customers in D.C. lost power. It must be the Cyber Armageddon, right?

Are IT pros overconfident in their ability to deflect attacks?

From Help Net Security:

Are IT pros overconfident in their ability to deflect attacks?

IT executives within critical infrastructure organizations see a need for public-private threat intelligence sharing partnerships (86% of respondents) to keep pace with escalating cybersecurity threats, according to a survey by The Aspen Institute and Intel Security.

A majority (76%) of survey respondents also indicated they believe a national defense force should respond when a cyber attack damages a critical infrastructure company within national borders. Additionally, although most respondents agree that threats to their organizations are on the rise, they maintain a high degree of confidence in existing security.

Twitter stock pumped by bogus story about $31 billion buyout offer

From Sophos Naked Security:

Twitter stock pumped by bogus story about $31 billion buyout offer

Fraudsters who posted a fake news story didn't even bother to spellcheck the name of Twitter's former CEO, but the story nonetheless briefly caused the company's stock to spike.

The article, rigged to look like it came from Bloomberg, appeared online on Tuesday.

It claimed the company had received a $31 billion buyout order (about £19.8 billion).

Why this doctor posted his medical history online for anyone to see

From Sophos Naked Security:

Why this doctor posted his medical history online for anyone to see

Would you want your friends and family to know your entire medical history?

How about sharing your personal health information with your employer, potential employers, insurance companies - anyone at all?

One doctor, John D. Halamka, MD, has posted his entire medical history online, and he wants others to do the same.

Does Siri have a secret signal to summon 911?

From Sophos Naked Security:

Does Siri have a secret signal to summon 911?

Siri, Apple's smooth-talking voice assistant, seems to get more publicity than just about all other voice recognition systems put together.

We suspect there are lots of reasons.

Siri was the first widely-deployed speech recognition system that vaguely worked; she talks back to you in calm tones with a well-modulated accent; she's (apparently) imperturbable; and to ask for her assistance, you can simply call her by name, as you might a friend.

FTC Alert: It’s criminal

From the Federal Trade Commission:

It’s criminal

You hear from us fairly often about imposter scams. In recent months, we’ve told you about IRS imposters, romance scams, and work-at-home scams. We always give you tips on how to spot and avoid these scams. We tell you about the cases we’ve brought to shut down the scammers. But, as a civil law enforcement agency, we don’t often get to tell you about the criminal charges brought against the scammers. Until today.

UCLA Health attacked, data on up to 4.5 million individuals at risk

From SC Magazine:

UCLA Health attacked, data on up to 4.5 million individuals at risk

UCLA Health announced on Friday that attackers accessed parts of its network containing personal and medical information on as many as 4.5 million individuals.

According to a release posted to the website, UCLA Health detected suspicious activity on its network in October 2014, and determined on May 5 that attackers accessed parts of the network containing information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information.

10 Trends In Infosec Careers And Staffing

From Dark Reading:

10 Trends In Infosec Careers And Staffing

Source: State of Cybersecurity: Implications for 2015 ISACA/RSA Conference Survey

This week the folks of Black Hat released the results of a survey of previous conference attendees to get the pulse of the security community on a number of fronts. Particularly illuminating were several of the answers to career-related questions. Most security pros surveyed reported that they're stable in the positions they're at and that they could definitely use more help in the way of increased staffing at their firms. It's a reflection of the overall infosec job market, where employers struggle to find enough qualified candidates and opportunities abound for the right candidates. We've put together the results from the Black Hat survey, along with a few other relevant studies out this year, to get a good picture of the market.

Why cyber should not be limited to cyber

From Business Reporter:

Why cyber should not be limited to cyber

Many emerging intelligence needs are not addressed by the offerings of the traditional IT security industry. Assessing a company’s reputation and how it may prompt attacks, understanding the motivations and beliefs of a threat actor, and discovering how a geopolitical event triggers the use of a new attack type promoted on social media all require access to and analysis of data that IT or product companies don’t provide. Yet, putting cyber-events in the context of the world at large is critical in order to understand and potentially predict future threats. The need for a more holistic approach to threat intelligence, beyond the technical parameters, is undeniable – and it’s there for the taking.

Open-source intelligence (OSINT) is not new, and making sense of data from publicly available sources is as relevant for cyber security as it is for other purposes. With a plethora of data everywhere about everything, access to data is no longer the issue. On the other hand, access alone is not the solution either. We live in times when availability of data is better than ever, yet the fear of having missed something continues to keep company executives awake at night.  This disconnect can only be mitigated by broadening perspectives, recognising the need for change in internal processes, and using new technologies to find and unlock the information hidden in the vast volumes of data available today on the web.

Hacking Team used fake app hosted on Google Play to install its spyware on Android devices

From Help Net Security:

Hacking Team used fake app hosted on Google Play to install its spyware on Android devices

The massive Hacking Team data leak includes the source code of a fake Android news app and instructions on how to use it, Trend Micro researchers have found.

The app, dubbed BeNews after a now-defunct news site, was made available from Google Play, and it was downloaded 50 or fewer times before it was removed.

UK minister: Cyber-security a 'priority' for government, but no ban on encryption

From SC Magazine:

UK minister: Cyber-security a 'priority' for government, but no ban on encryption

Vaizey, minister of state at the Department for Culture, Media and Sport (DCMS) and the Department for Business, Innovation and Skills (BIS), was the keynote speaker at an event hosted by think-tank Reform in London today, where he announced several new government initiatives while also talking up its digitalisation efforts and local cyber-security companies.

FTC Alert: Scammers Impersonate the Police

From the Federal Trade Commission:

Scammers Impersonate the Police

We know scammers are out there, impersonating the authorities and conjuring up different schemes to fool people into giving them money. They might say they’re calling from the IRS because you owe taxes. Or claim they’re from the FTC, calling to help you recover money lost to a scammer. But now we’re hearing about a new ploy: scammers are impersonating the police! That takes some chutzpah, huh? Here’s how it works.

ACLU asks appeals court to bar NSA bulk collection of data

From SC Magazine:

ACLU asks appeals court to bar NSA bulk collection of data

The American Civil Liberties Union (ACLU) has asked a federal appeals court in a brief filed Tuesday to bar the National Security Agency (NSA) from bulk collection of phone records.

“This dragnet surveillance program should never have been launched, and it should certainly be terminated now,” Jameel Jaffer, deputy legal director of the ACLU, said in a Tuesday release. “Not even the government contends anymore that the program has been effective, and the 2nd Circuit has already concluded that the program is illegal. It's a needless and unlawful intrusion into the privacy rights of millions of innocent Americans.”

Hershey provides additional information on payment card breach

From SC Magazine:

Hershey provides additional information on payment card breach

Payment cards used at certain Hershey Entertainment & Resorts Company (HE&R) properties may have been compromised.

The company said on Friday that a program was installed on devices in its payment card system and card data – including cardholder names, card numbers, expiration dates and verification codes – could have been captured.

Evans Hotels announces payment card incident involving malware

From SC Magazine:

Evans Hotels announces payment card incident involving malware

California-based Evans Hotels – which operates Bahia Resort Hotel, Catamaran Resort Hotel and Spa, and The Lodge at Torrey Pines – announced that malware was installed on computers at the front desks of its properties that could have compromised payment card data.

Army National Guard breach affects 850K, not related to OPM

From SC Magazine:

Army National Guard breach affects 850K, not related to OPM

Personal information from more than 850,000 current and former Army National Guard members may have been compromised, according to a Friday release.

The data "was inadvertently transferred to a non-[Department of Defense]-accredited data center by a contract employee," as part of a budget analysis, Maj. Earl Brown, a National Guard Bureau spokesman, said in the release.

GAO Test Finds HealthCare.gov Enrollment Flaws

From InfoSecurity.com:

GAO Test Finds HealthCare.gov Enrollment Flaws

A government watchdog agency expects to make recommendations this fall for how application and enrollment controls on HealthCare.gov can be improved after a recent "undercover" test determined it was easy for 11 fictitious applicants to fraudulently enroll in subsidized Obamacare coverage.

At a July 16 Senate Committee on Finance hearing, Seto Bagdoyan, director of the Government Accountability Office's forensic audits and investigative service, testified that a review of application and enrollment controls of HealthCare.gov for 2014 and 2015 found weaknesses that allowed 11 of 12 fake GAO applicants to enroll for subsidized healthcare coverage, despite failing to submit required verification documents.

Friday, July 17, 2015

How to Properly Manage Identities and Secure Documents Within Government Agencies

From Data Breach Today:

How to Properly Manage Identities and Secure Documents Within Government Agencies

Public Key Infrastructure (PKI) enables users to securely and privately exchange data shared through a trusted authority. Though it has been around for years, it has recently come back into the spotlight with Gartner's research entitled "PKI's New Lease on Life in Mobility and the Internet of Things." The value of PKI can be summed up in one word - TRUST.

Fighting Back Against Retail Fraud

From Data Breach Today:

Fighting Back Against Retail Fraud

Financial institutions feel the pain of recent retail breaches, and they seek new ways to secure payments and fight fraud. But how can security leaders influence changes within their own organizations?

This retail fraud message is resonant within the Faces of Fraud survey results. But it raises the question: How can leaders put these results to work?

Brits Arrest Alleged Fed Reserve Hacker

From Data Breach Today:

Brits Arrest Alleged Fed Reserve Hacker

British police have re-arrested Lauri Love, who's been charged with 2012 and 2013 hack attacks against U.S. government computers, including systems operated by the Federal Reserve, U.S. Army and NASA. But Love plans to fight extradition.

Love, 30, was arrested at his house in Suffolk, England, near London on July 15 by the London Metropolitan Police's Extradition Unit, based on a U.S. extradition warrant. No charges have been filed against him by U.K. authorities.

New GamaPoS malware targets US companies

From Help Net Security:

New GamaPoS malware targets US companies

After dedicating their efforts to swelling the number of computers roped into their malicious net, the masters of the Andromeda botnet are putting it to use by delivering a new family of PoS malware to as many PoS systems as they can.

The systems get infected with the Andromeda backdoor after users either open a malicious attachment or visit a site hosting an exploit kit. In the former case, the attachments are often disguised as documents needed for PCI DSS compliance or for updating the company's Oracle MICROS platform.