CI Security

IT Security News Blast – 10-30-2019

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer

Linux kernel dev Greg Kroah-Hartman reckons Intel Simultaneous Multithreading (SMT) - also known as hyper-threading - should be disabled for security due to MDS (Microarchitectural Data Sampling) bugs. [...] OpenBSD was right, he said. "A year ago they said disable hyper-threading, there's going to be lots of problems here. They chose security over performance at an earlier stage than anyone else. Disable hyper-threading." [...] "You can steal data across applications. You can steal data across virtual machines. And across 'secure enclaves', which is really funny. Inside Intel chips there is something called SGX [Software Guard Extensions] where you can run code that nobody else can see, it's really porous."

https://www.theregister.co.uk/2019/10/29/intel_disable_hyper_threading_linux_kernel_maintainer/

 

New Vendor Cyber Security Certification Set to Improve Pentagon Supply Chain Security, but the Price May Sting Smaller Vendors

A major change to the Department of Defense supply chain security standard is in the works. Vendor security was typically evaluated after awarding a contract, but a new mandatory cyber security certification program would force contractors to demonstrate their readiness to repel attacks before being allowed to bid. [...] While there is a clear national security need for the organization to protect itself from vendor compromise, the new standards will likely involve a cyber security investment that might be too steep for smaller vendors.

https://www.cpomagazine.com/cyber-security/new-vendor-cyber-security-certification-set-to-improve-pentagon-supply-chain-security-but-the-price-may-sting-smaller-vendors/

 

South Africa’s banks, and its largest city, are grappling with separate cyber incidents

Multiple banks in the country have been hit by distributed denial-of-services attacks, while the country’s largest city, Johannesburg, is dealing with the second major breach to its network in three months. Public-facing services of multiple financial institutions were on Wednesday hit by a wave of “ransom-driven” DDoS attacks, according to the South African Banking Risk Information Centre (SABRIC), an association of banks focused on combating crime.

https://www.cyberscoop.com/johannesburg-ransomware/

 

Digital Transformation in Pharma Introduces New OT Security Threats

While pharmaceutical operations networks were once siloed, today their connection to IT and anywhere access has created an environment that threatens the integrity of drug formulation control systems. What’s more, the elimination of “air-gapping” enables bad actors to penetrate a pharma-based OT environment from either the IT or the operational technology (OT) network.

https://www.securityweek.com/digital-transformation-pharma-introduces-new-ot-security-threats

 

Sprint Regulations: EHR and Cybersecurity Proposals

While the agencies are also proposing a new exception and safe harbor specifically to protect arrangements involving the donation of cybersecurity technology and related services (the “cybersecurity exception”), discussed below, the expansion of the EHR exception and safe harbor to expressly include certain cybersecurity software and services is intended to make it clear that an entity donating EHR software may also donate related cybersecurity software and services to protect the EHR.

https://www.jdsupra.com/legalnews/sprint-regulations-ehr-and-22209/

 

Windows 7 upgrade haunts health service tech vision

As is frequently the case in other sectors, healthcare organisations often negotiate favourable terms for long-term contracts, which limits their ability to find alternative healthcare technology providers if the incumbent does not choose to update its software to the latest Microsoft operating system. Simpson said organisations may choose to defer upgrading, and run an unsupported operating system instead of upgrading to Windows 10.

https://www.computerweekly.com/news/252472965/Windows-7-upgrade-haunts-health-service-tech-vision

 

Norsk Hydro's cyber insurance has paid just a fraction of its breach-related losses so far

Norsk Hydro received an insurance payout of $3.6 million following a highly publicized cyberattack earlier this year, the company revealed in its third quarter earnings report. The insurance payout represents about 6% of the $60 million to $71 million in costs created by the incident through the third quarter, the company said. The Norwegian aluminum and energy giant expects more compensation will come as more costs are totaled.

https://www.cyberscoop.com/cyber-insurance-norsk-hydro-lockergoga-attack/

 

Small Businesses Struggle to Succeed Due to Increased Cyber Threats

In response to evolving cyber threats, ETA is proposing the introduction of a tax credit to assist Canadian small businesses in improving their cyber resilience through cyber security insurance. The proposed 15% non-refundable tax credit would be available for Canadian-based small businesses with fewer than 99 employees who meet the requirements of the CyberSecure Canada program, a voluntary cybersecurity certification program administered by Innovation, Science, and Economic Development Canada.

https://www.financialbuzz.com/small-businesses-struggle-to-succeed-due-to-increased-cyber-threats/

 

Recent Cyber Attacks Target Asset Management Firms

Regulators recognize that financial firms are uniquely at risk, and have made cybersecurity a top priority, calling for companies to institute both prophylactic and remedial measures to deal with cyber attacks. For example, the SEC Enforcement Division’s Cyber Unit (formed in 2017) is tasked with investigating cybersecurity at regulated entities, as well as issuer disclosures of cybersecurity incidents and risks. And, the SEC’s Office of Compliance Inspections and Examinations (OCIE) continues to include cybersecurity among its Examination Priorities.

https://www.lexology.com/library/detail.aspx?g=bcd16de1-d4b4-4854-813e-e9bac28b7f19

 

Russia’s Fancy Bear hackers conduct “significant cyberattacks” on anti-doping agencies

The attacks are only the latest brazen steps the group has taken to shield against or retaliate for allegations of cheating by Russian Olympic athletes. In 2016, WADA blamed Fancy Bear for a hack that stole confidential medical data. The hackers then published the data, which included the drug regimens of Simone Biles, Serena and Venus Williams, and other athletes, in an attempt to paint them as flouters of WADA regulations.

https://arstechnica.com/information-technology/2019/10/russias-fancy-bear-hacking-group-targets-olympics-organizations-again/

 

Justice official: U.S. private and public sectors face the same Chinese spying tactics

Chinese intelligence officers have looked to recruit employees at U.S. companies and use that foothold to steal trade secrets in sophisticated operations, according to John Demers, the assistant attorney general for national security. Intelligence agencies, companies and research institutes in China are also coordinating deeply to pinpoint the data they want, Demers said Thursday at CyberTalks in Washington, D.C.  [...] In recent years, China’s civilian intelligence agency, the Ministry of State Security, has become the country’s preferred arm for hacking to conduct economic espionage, private analysts and U.S. officials say.

https://www.cyberscoop.com/chinese-espionage-john-demers-doj/

 

Georgia ‘I’ll Be Back’ Cyber Attack Terminates TV, Takes Down 15,000 Websites

The targeting itself seems somewhat random, with personal, business, and local newspaper sites defaced and eventually taken offline along with government sites such as those of the general jurisdiction courts, and even Georgian President Salome Zurabishvili. The defaced sites had their home pages replaced with images of former President Mikheil Saakashvili and a banner stating "I'll be back." Saakashvili is wanted on multiple criminal charges in Tbilisi and is in self-imposed exile in Ukraine.

https://www.forbes.com/sites/daveywinder/2019/10/29/georgia-ill-be-back-cyber-attack-terminates-tv-takes-down-15000-websites/

 

Cyber Security Strategy 2020: Civil society experts slam 'national security' agenda

"There's two sort of narratives in cybersecurity and ... states align with one or the other," said Lucie Krahulcova, Asia policy analyst at Access Now. One is the narrative of national security; a narrative of control, like in China and Russia, as well as in many other governments. The other is the narrative of the internet as a shared common good and an enabler of civic rights. [...] "I think Australia teeters on the edge of those," Krahulcova said.

https://www.zdnet.com/article/cyber-security-strategy-2020-civil-society-experts-slam-national-security-agenda/

 

Security and Privacy Experts Uncover Hidden Threats You Need to Know About

I think that the top security threat today is not directly from overtly malicious actors, but rather from the huge amount of information that is accumulated about each and every one of us through all the devices that we use regularly. This information, inevitably, leaks to actors with very different interests than us (including malicious actors), and it can be harnessed very effectively to cause damage.

http://www.bu.edu/articles/2019/cybersecurity-threats/

 

Cyber Insurers Train Sights on Privacy Violations

Supersize costs for breaching privacy laws are challenging insurance companies, which say that many clients aren’t prepared to deal with the changes these rules bring. Insurers worry that rules defining individuals’ ownership of their data, and how that data is handled or retained, represent a fundamental challenge to how companies have typically handled customer information.

https://www.wsj.com/articles/cyber-insurers-train-sights-on-privacy-violations-11572255000

 

Facebook Sues NSO Group Over Alleged WhatsApp Hack

In May 2019, a zero-day vulnerability was found in WhatsApp’s messaging platform, exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. A new lawsuit by WhatsApp owner Facebook alleges that NSO Group developed the surveillance code and used vulnerable WhatsApp servers to send malware to approximately 1,400 mobile devices.

https://threatpost.com/facebook-sues-nso-whatsapp-hack/149661/

 

New 'unremovable' xHelper malware has infected 45,000 Android devices

Named xHelper, this malware was first spotted back in March but slowly expanded to infect more than 32,000 devices by August (per Malwarebytes), eventually reaching a total of 45,000 infections this month (per Symantec). The malware is on a clear upward trajectory. Symantec says the xHelper crew is making on average 131 new victims per day and around 2,400 new victims per month. Most of these infections have been spotted in India, the US, and Russia.

https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/

 

Amazon is saying nothing about the DDoS attack that took down AWS, but others are

One such company is digital monitoring firm Catchpoint, which sent us its analysis of the attack in which it makes two broad conclusions: that Amazon was slow in reacting to the attack, and that tardiness was likely the result of its looking in the wrong places. [...] The attack targeted Amazon’s S3 - Simple Storage Service - which provides object storage through a web interface. It did not directly target the larger Amazon Web Services (AWS) but for many companies the end result was the same: their websites fell over.

https://www.theregister.co.uk/2019/10/28/amazon_ddos_attack/

 

This old trojan malware is back with a new trick to help it hide in plain sight

"It's like wading through a crowd of a million people and trying to pick out the one person wearing a green undershirt without being able to look under people's jackets. There's nothing suspicious about its existence, its appearance or even its initial behaviour. Everything about it seems normal," said Krishnan Subramanian, security researcher at Menlo Labs.

https://www.zdnet.com/article/this-old-trojan-malware-is-back-with-a-new-trick-to-help-it-hide-in-plain-sight/

 

A Cybersecurity Firm’s Sharp Rise and Stunning Collapse

Despite Boback’s hustle—or perhaps because of it—he struggled to sell EagleVision X1 to the C.I.A. With the chance of a big payout receding, Boback thought that perhaps the technology would be easier to sell if he built a business around it. So, in 2005, he met with a Pittsburgh financier, who agreed to invest seed money to elevate Tiversa from some lines of code into a startup. The investor recommended that Tiversa focus on corporate clients; they could bring in agencies like the C.I.A. later.

https://www.newyorker.com/magazine/2019/11/04/a-cybersecurity-firms-sharp-rise-and-stunning-collapse



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337