CI Security

IT Security News Blast – 2-7-2020

Emotet can spread to poorly secured Wi-Fi networks and computers on them

After the malware infects a computer that has Wi-Fi capability, it uses the wlanAPI interface to discover any Wi-Fi networks in the area: a neighbor’s Wi-Fi network, a free Wi-Fi network at a café, or a Wi-Fi network of a nearby business. “Even if those networks are protected with a password required to join, the malware tries a list of possible passwords and if one of the guessed passwords works to connect to the Wi-Fi network, it will join the infected computer to that network,” Pargman explained.

https://www.helpnetsecurity.com/2020/02/06/emotet-spread-wi-fi-networks/

 

Hackers Can Wreak Havoc on Medical Devices, But Manufacturers Can Fight Back

As companies design their devices, they must make them as secure and redundant as possible to protect them from ransomware and other attacks. Companies must also consider how long they need to keep data and implement a policy to ensure no-longer needed data is either disposed of immediately or thoroughly anonymized as soon as possible.

https://news.bloomberglaw.com/health-law-and-business/insight-hackers-can-wreak-havoc-on-medical-devices-but-manufacturers-can-fight-back

 

In a dusty corner of Israel, hackers change cancer records to test defences

While medical staff are busy, the students insert a $40 (€36) hacking device into a floor cable and, in seconds, breach the hospital's computer system. From the waiting room area, they are able to change the CT scan of a patient by 'inserting' a tumour. They also 'remove' a tumour from another scan, making the patient appear cancer-free. The fake scans are so real that by "using deep learning, an attacker can fool expert radiologists and even state-of-the-art AI, 98pc of the time in the case of lung cancer".

https://www.independent.ie/business/technology/in-a-dusty-corner-of-israel-hackers-change-cancer-records-to-test-defences-38930354.html

 

The time I sabotaged my editor with ransomware from the dark web

These days, prospective attackers don’t have to create their own ransomware; they can buy it. If they don’t really know how to use it, they can subscribe to services, complete with customer support, that will help coordinate attacks for them. [...] Search for “ransomware as a service” or “RaaS” in the dark-web chatrooms that function as both forums and bazaars, and you’ll get pages and pages of hits. In the public imagination, hackers are Mephistophelian savants. But they don’t have to be, not with ransomware.

https://www.bloomberg.com/features/2020-dark-web-ransomware/

 

Cyber attacks could cause financial crisis, says ECB chief Christine Lagarde

Ms Lagarde said an operational outage that destroyed or encrypted the balance accounts of a major financial institution could trigger a liquidity crisis. “History shows that liquidity crises can quickly become systemic crises,” she said. “The ECB is well aware that it has a duty to be prepared and to act pre-emptively.”

https://www.independent.co.uk/news/business/news/cyber-attack-financial-crisis-christine-lagarde-ecb-a9322556.html

 

Congressmen Assert Further Need For Security In American Financial Sector

Their concerns are not unfounded, as both the FBI and the Department of Home Security have issued warnings regarding Iranian-backed attacks over recent weeks. If even one major bank in the US is breached, it may comprise the entirety of the American financial sector. As such, both Congressmen have given the notice to require federal financial bodies to propose tailored security strategies by March 2020.

https://techbullion.com/congressmen-assert-further-need-for-security-in-american-financial-sector/

 

This latest phishing scam is spreading fake invoices loaded with malware

Like previous Emotet attacks, the malware is delivered via phishing emails which contain a malicious Microsoft Word document. This time, the email subject lines are based around invoices, bank details and other financial subjects – common terms to attract the attention of workers in the financial sector. The attachment claims the user needs to 'enable content' in order to see the document; if this is done it allows malicious macros and malicious URLs to deliver Emotet to the machine.

https://www.zdnet.com/article/this-latest-phishing-scam-is-spreading-fake-invoices-loaded-with-malware/

 

U.S. Military Members, Families Hit With Hacks From Russia, Terror Orgs

Volkman's family was attacked in 2015 by Russian-backed hackers posing as ISIS terrorists. The hackers stole her personal information—including credit card information—and sent her family threats via social media. Volkman is now driving an effort to force Congress to enact legislation that would protect families like hers from similar cyber attacks.

https://freebeacon.com/national-security/u-s-military-members-families-hit-with-hacks-from-russia-terror-orgs/

 

US Weapons-Makers Plagued by Industrial Espionage, Cyberattacks, Report Finds

The U.S. defense industrial base received a "mediocre C" report-card grade as it struggles to stay ahead of adversaries, such as China, that rely on stealing American military secrets to remain competitive, according to a new report from the National Defense Industrial Association (NDIA). [...] Defense contractors have "endured brazen acts of industrial espionage and data breaches by state and non-state actors in recent years," the report states, adding that cyber vulnerabilities within information systems have led to increased security breaches.

https://www.military.com/daily-news/2020/02/05/us-weapons-makers-plagued-industrial-espionage-cyberattacks-report-finds.html

 

Obama admin was ill-prepared for Russian election meddling: Senate intel report

The partially redacted report also said President Barack Obama’s national security adviser, Susan Rice, told her staff to put on hold contingency plans for possible cyber retaliation against Russia over the interference. The administration’s decision to stand down had been previously reported. The 54-page report is the third installment of a five-part series by the committee examining the scale of Russia’s interference in the 2016 election and follows three years of extensive investigation.

https://www.nbcnews.com/politics/elections/obama-admin-was-ill-prepared-russian-election-meddling-senate-intel-n1131501

 

Russia engaging in 'information warfare' ahead of 2020 election, FBI chief warns

That effort, which involves fictional personas, bots, social media postings and disinformation, may have an election-year uptick but is also a round-the-clock threat that is in some ways harder to combat than an election system hack, Wray said. “Unlike a cyber-attack on an election infrastructure, that kind of effort – disinformation – in a world where we have a first amendment and believe strongly in freedom of expression, the FBI is not going to be in the business of being the truth police and monitoring disinformation online,” Wray said.

https://www.theguardian.com/us-news/2020/feb/06/russia-hacking-information-warfare-election-2020

 

The Riyadh Statement: A Set of Recommendations for a Better Cyberspace

Organized by the National Cybersecurity Authority (NCA) under the patronage of Custodian of the Two Holy Mosques King Salman bin Abdulaziz, the forum hosted global policymakers, businesses, investment firms and international organization representatives to discuss how the world’s collective cybersecurity should be enhanced. During the conference, Saudi Arabia announced the adoption of two major initiatives on the protection of children in the cyber world and the empowerment of women in cyber security.

https://aawsat.com/english/home/article/2117891/riyadh-statement-set-recommendations-better-cyberspace

 

FBI Warns of Cyber-Based Romance Scams

"Victims may be hesitant to report being taken advantage of due to embarrassment, shame or humiliation. It’s important to remember, romance scams can happen to anyone at any time," says the FBI. If you suspect your online relationship is a scam, cease all contact immediately. If you are a victim who has already sent money, immediately report the incident to your financial institution, file a complaint with the FBI’s Internet Crimes Complaint Center (www.ic3.gov), and contact law enforcement.

https://www.securitymagazine.com/articles/91673-fbi-warns-of-cyber-based-romance-scams

 

Twitter hands over student’s account to his college

The account’s rightful owner is 20-year-old SUNY student Isaiah Kelly. As first reported by Business Insider, last week, Kelly had to use his personal Twitter account to vent about having been shut out of the parody account, which he uses to poke fun at the school’s social media presence, news and messages to students. But it was neither the school nor hackers who took over the account and forced through an unrequested change to the associated email address, thus locking Kelly out. It was, in fact, Twitter, having royally screwed up when enforcing its own policy about impersonation accounts.

https://nakedsecurity.sophos.com/2020/02/04/twitter-gave-access-to-students-account-to-his-college/

 

Washington Privacy Act welcomed by corporate and nonprofit actors

The bill, called the Washington Privacy Act, also improves upon its earlier 2019 version, providing stronger safeguards on the use of facial recognition technology. According to some analysts, when compared to its coastal neighbor’s data privacy law—the California Consumer Privacy Act, which went into effect this year—the Washington Privacy Act excels. Future of Privacy Forum CEO Jules Polonetsky called the bill “the most comprehensive state privacy legislation proposed to date.”

https://blog.malwarebytes.com/privacy-2/2020/02/washington-privacy-act-welcomed-by-corporate-and-nonprofit-actors/

 

Ancestry.com rejected a police warrant to access user DNA records on a technicality

DNA profiling company Ancestry.com has narrowly avoided complying with a search warrant in Pennsylvania after a search warrant was rejected on technical grounds, a move that is likely to help law enforcement refine their efforts to obtain user information despite the company’s efforts to keep the data private. Little is known about the demands of the search warrant, only that a court in Pennsylvania approved law enforcement to “seek access” to Utah-based Ancestry.com’s database of more than 15 million DNA profiles.

https://techcrunch.com/2020/02/04/ancestry-warrant-dna-records/

 

NIST tests methods of recovering data from smashed smartphones

And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means nothing if the internal memory chips remain in working order. The forensic engineers who help police gather evidence understand this even if it’s not always been clear which methods are the most effective at extracting data accurately enough for it to meet standards of evidence. With more and more evidence now sitting on smartphones, a better understanding of what works and what doesn’t has suddenly turned into an urgent issue.

https://nakedsecurity.sophos.com/2020/02/04/nist-tests-methods-of-recovering-data-from-smashed-smartphones/

 

Cisco Flaws Put Millions of Workplace Devices at Risk

The flaws lie in the implementation of a mechanism known as the Cisco Discovery Protocol, which allows Cisco products to broadcast their identities to each other within a private network. [...] And since all Cisco products use CDP, one vulnerability can be used to automatically and simultaneously target many devices at once, or to take over crucial devices like network switches and move laterally from there.

https://www.wired.com/story/cisco-cdp-flaws-enterprise-hacking/

 

Amid High Profile Hacks, Teams Strengthen Cybersecurity Efforts

On January 28, 15 NFL teams’ social media accounts – including both Super Bowl LIV contestants, the Kansas City Chiefs and San Francisco 49ers – began posting strange messages. It was the work of OurMine, a Saudi hacker group, who not only gained access to the team accounts but to the main @NFL account as well. This incident shined a spotlight on the issue of cybersecurity for teams and leagues, especially given the sheer amount of information that every franchise compiles – from player and fan data to opposing teams’ scouting reports.

https://frntofficesport.com/cybersecurity-pro-sports/

 

THE FBI DOWNLOADED CIA’S HACKING TOOLS USING STARBUCK’S WIFI

One of the most interesting details from yesterday’s Joshua Schulte trial involved how the FBI obtained the Vault 7 and Vault 8 materials they entered into evidence yesterday. Because the FBI did not want to download the files onto an existing FBI computer (in part, out of malware concerns) and because they didn’t want to use an FBI IP address, they got a new computer and downloaded all the files at Starbucks.

https://www.emptywheel.net/2020/02/05/the-fbi-downloaded-cias-hacking-tools-using-starbucks-wifi/



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
