Tag Archives: security news

Weekly updates: Top of The News

Coronavirus: More Companies Backing Out of RSA Conferences

AT&T Cybersecurity and Verizon have decided not to attend the RSA Conference in San Francisco this week, citing concerns about the coronavirus. IBM announced its decision not to attend RSA on February 15. The conference is taking place this week as scheduled. Sony and Facebook’s Oculus have pulled out of the Game Developer Conference scheduled for March 16-20 in San Francisco. Coronavirus worries have already caused the cancellation of the World Mobile Congress that was to have taken place in Barcelona February 24-27. Black Hat Asia 2020 has been postponed to fall 2020, and Cisco has cancelled its Cisco Live! Conference that was scheduled to be held in Melbourne, Australia early next month.

Read more in:
– www.scmagazine.com: AT&T, Verizon join RSA exodus over Coronavirus fears

Car Thieves Disabling OnStar, Replacing Vehicle Computers (February 11, 2020)
 In “a recent string of stolen Chevrolet Silverado pickups,” thieves disabled the OnStar anti-theft technology almost immediately, reducing the likelihood of the vehicles’ recovery. Surveillance video has shown how fast the thieves operate – pop the lock, open the hood, change the computer, and disable OnStar tracking.
Read more in:
– gmauthority.com: Chevrolet Silverado Thieves Disable OnStar Tracking

Median Dwell Time for Breaches is Falling Worldwide

According to the M-Trends 2020 Report, the global median “dwell time” – the time from initial intrusion to detection – fell from 78 days to 56 days in just one year. The report also found that while intrusions are being detected more quickly, they are more often discovered by third parties rather than internally.

Read more in:
– content.fireeye.com: M-Trends 2020 (PDF)
– www.zdnet.com: Cybersecurity: Hacking victims are uncovering cyberattacks faster – and GDPR is the reason why

U.S. Department of Defense DISA Breach Exposed PII of 200,000 People (February 20 & 24, 2020)
 The US Department of Defense’s (DoD’s) Defense Information Systems Agency (DISA) has acknowledged a network breach that compromised the personal information of at least 200,000 individuals. On February 11, 2020, DISA sent letters to the people whose data were compromised, telling them that the breach occurred between May and June 2019. DISA secures and manages White House communications.
Read more in:
– threatpost.com: Data Breach Occurs at Agency in Charge of Secure White House Communications

Wyden Pushing for Release of ShiftState Voatz Audit Results

US Senator Ron Wyden (D-Oregon) is asking a company that conducted an audit on the Voatz mobile voting app to disclose the results. While ShiftState’s audit gave Voatz “high marks,” researchers at MIT recently published a paper enumerating security concerns present in Voatz. Specifically, Wyden wants to know how many “ShiftState personnel that audited Voatz [have] experience in election security, cryptographic protocol design and analysis, side channel analysis, and blockchain security;” whether ShiftState detected the same flaws the MIT researchers found; and whether the company agrees or disagrees with the MIT findings and why.

Read more in:
– www.meritalk.com: Sen. Wyden Questions ShiftState on Voatz Audit

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address?

A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.

The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown. It’s a perfect illustration that not only is this sort of personal information in circulation, but it’s also in the hands of foreign adversaries.

Read more in:
– https://www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/

Top of The Cyber News

Ransomware Targeting Canadian Businesses and Municipalities (October 14, 2019)
 A dental clinic in Toronto, Ontario, was hit with ransomware last week. The office was locked out of 19 of its 22 computers for at least a day; the clinic did not pay a ransom to regain access to its files; the dentist noted that they “were lucky… [because they] had a good backup.” Several Canadian municipalities have also recently found their systems infected with ransomware.

Read more in:
– www.cbc.ca: ‘Definite uptick’: Global wave of ransomware attacks hitting Canadian organizations

DHS’s CISA Wants Administrative Subpoena Powers (October 9, 2019)
The US Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) wants the authority to issue administrative subpoenas to service providers to obtain contact information for owners of vulnerable systems and devices. CISA wants to contact these entities directly, and currently cannot always let businesses know about cyber threats because it is not always clear who owns vulnerable systems.

Read more in:
– techcrunch.com: DHS cyber unit wants to subpoena ISPs to identify vulnerable systems

CrowdStrike Report: China’s C919 Aircraft Components Copied from Manufacturers in Other Countries (October 14, 2019)
 According to a report from CrowdStrike, China’s new Comac C919 airplane appears to be an amalgam of components copied from other companies. A Chinese government-backed hacking group has been targeting aerospace companies for their intellectual property for nearly a decade. CrowdStrike said that one of China’s goals was to be able to manufacture all the airplane parts within its own country.
Read more in:
– www.crowdstrike.com: Huge Fan of Your Work: How TURBINE PANDA and China’s Top Spies Enabled Beijing to Cut Corners on the C919 Passenger Jet

DCH Health Hospitals Open After Ransomware Attack (October 11, 2019)
 The Chief Operating Officer of DCH Health Systems says that all its hospitals’ services are open less than two weeks after they were encrypted by a ransomware attack. DCH Health has access to patient-related electronic systems; non-essential systems are still being restored. DCH Health paid the ransom, but did not disclose the amount. The COO says DCH have cyber insurance.
Read more in:
– www.govtech.com: Hospital Operations Back to Normal After Paying Ransom

France’s Cybersecurity Agency Warns of Cyber Espionage Attacks (October 7 & 8, 2019)
 France’s national cybersecurity agency, Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), has issued an alert warning of cyberattacks that are targeting engineering companies and service providers. In its report, ANSSI notes that “attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients.”
Read more in:
– www.zdnet.com: France warns of cyberattacks against service providers and engineering offices

CyberNews: Top of the News

Huawei Backdoors Confirmed in Vodafone Documents (April 30, 2019)

Vodafone Group Plc has acknowledged that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier’s Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China’s global technology prowess. This is the first time such serious Huawei security issues have been made public.
– www.bloomberg.com: Vodafone Found Hidden Backdoors in Huawei Equipment

Maersk Head of Security on Lessons Learned from NotPetya (April 29, 2019)
 In late June 2017, international shipping container company Moller-Maersk was hit with the NotPetya malware. Speaking in a keynote session at CYBER UK 19, Maersk’s head of cybersecurity compliance said he was stunned by “the sheer ferocity and the speed and scale of the attack and the impact it had.” He said that the attack was a reminder that companies can become unintended victims, and that while it is important to protect systems and networks, companies also need to ensure that they have a solid recovery plan in place.

Read more in:
– www.zdnet.com: Ransomware: The key lesson Maersk learned from battling the NotPetya attack

Greenville, North Carolina, Recovering from Ransomware (April 26, 2019)
 The city of Greenville, North Carolina is in the process of recovering from a ransomware attack that infected its systems on April 10. Officials say the city’s website is operational again and that some employees have email. The city said it never planned to pay the ransom. IT staff is reimaging all of the city’s computers.

Read more in:
– www.scmagazine.com: Greenville in recovery phase from Robbinhood ransomware attack
– www.wnct.com: City of Greenville bouncing back from ransomware attack

Cleveland Airport Malware Update (April 29, 2019)

Flight and baggage information monitors are once again operational at Cleveland’s Hopkins International Airport. Last week, city officials said that the problems were not caused by ransomware. At a press conference on Monday, April 29, Cleveland’s Chief Information Officer said that the malware that infected computers at the airport was indeed ransomware. Airport officials did not respond to the ransomware demands. The FBI is investigating.
Read more in:
– www.cleveland.com: Cleveland acknowledges for first time Hopkins airport hack involved ransomware
– www.wkyc.com: Flight screens working again at Cleveland Hopkins Airport after going dark amid malware discovery

CyberSecurity: Top of the News (11 March, 2019)

Senate Panel Equifax Investigation Findings Released (March 8, 2019)

 A Senate panel investigation into the 2017 Equifax breach found that the company again and again neglected to take adequate precautions to protect the consumer data it held. The panel’s report makes several recommendations, including that “Congress should pass legislation that establishes a national uniform standard requiring private entities that collect and store PII to take reasonable and appropriate steps to prevent cyberattacks and data breaches.”
Editor’s Note

[Neely]
Equifax has lots of company: a recent study found most of the Fortune 100 companies had similar problems. The argument for stability or status quo, versus the expense of regression testing, possible downtime, to apply updates and security fixes is not new and has to be baked into the business. Reliance on regulatory requirements alone is insufficient. Until security is immutable in the board room this will continue.
Read more in:
– www.theregister.co.uk: Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal
– www.carper.senate.gov: How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach: Staff Report (PDF)

RSA Panel: The Five Most Dangerous New Attack Techniques and How to Counter Them (March 7, 2019)

 At the Five Most Dangerous New Attack Techniques and How to Counter Them panel at the RSA conference in San Francisco on Thursday, March 7, Ed Skoudis, Heather Mahalik, and Johannes Ullrich described attack techniques and remediations and answered questions from audience members.
Read more in:
– www.rsaconference.com: The Five Most Dangerous New Attack Techniques and How to Counter Them (video)

GAO Chief Enumerates High Risk List Issues for Legislators (March 6, 2019)

 Head of the US Government Accountability Office (GAO) Comptroller General Gene Dodaro spoke to panels at both the House and the Senate regarding the GAO’s recently published High Risk List, which examined 35 areas in “federal programs/operations that are vulnerable to waste, fraud, abuse, and mismanagement, or that need broad reform.” Dodaro told members of the Senate panel that the administration’s National Cyber Security Strategy, released last fall, provides “no implementation plan, definition of responsibilities, or metrics.” Dodaro told the House panel that federal IT systems have the same “material weaknesses” every year, due in part to legacy IT systems. Dodaro also questioned federal agency heads’ attention to known cybersecurity issues, saying that the problems lack “top-level management attention.”
Read more in:
– fcw.com: Cyber strategy short on specifics and metrics, says GAO
– www.meritalk.com: Comptroller Questions Priority Given by Agency Heads to Cybersecurity Issues
– www.gao.gov: HIGH-RISK SERIES: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas (Highlights)
– www.gao.gov: HIGH-RISK SERIES: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas (full report – PDF)