News Items

An annual report on cloud security has been released by RedLock, which indicates that security practices pertaining to the use of cloud services are still being overlooked by many organizations. According to the report, many organizations that use cloud services still neglect to implement proper security practices in the management of user accounts and database connections, leading to critical cloud vulnerabilities. This article further discusses the findings shared by researchers within this report in relation to the compromise of user accounts, poorly connected databases, leaking of access keys from cloud computing environments, misconfigured cloud storage services, and more.

ZDNet reports "Cloud Vulnerabilities Are Being Ignored by the Enterprise"

Google security researchers have discovered seven different critical security vulnerabilities within the Dnsmasq software package, which largely impacts millions of Android phones, home routers, desktops, and other IoT devices. Dnsmasq is an open-source network utilities program used to provide local DNS services and DHCP capabilities. The exploitation of vulnerabilities found within the Dnsmasq software could allow attackers to remotely execute malicious code, perform denial-of-service attacks, and leak information. This article further discusses the discovery of these vulnerabilities, patches that have been released for these vulnerabilities, as well as devices and software that have been impacted.

eWeek reports "Google Reveals Critical Flaws In Dnsmasq Software Packages"

Although there is no single solution or method to completely safeguard organizations from cyberthreats as such threats continue to grow in sophistication, there are five IT practices that companies could avoid in order to improve upon their security posture and prevention of advancing threats. These practices include the use of older office printers, overlooking alerts, improper management of administrative rights, lack of attention on the active use of apps by employees within the network, and lack of preparation in the event that a device containing unsecured sensitive data is lost. This article further discusses the five practices that pose cybersecurity risks to organizations.

Dark Reading reports "5 IT Practices That Put Enterprises at Risk"

A study conducted by researchers at Princeton University highlights the extensiveness of email tracking and how this form of snooping could significantly impact the privacy of users. According to researchers, most emails are embedded with third-party content that enables third parties to track a user's online activities as well as connect these activities to the user's email address. Researchers warn of the significant privacy threats posed by email tracking such as the tracking of a user across multiple devices and more. This article further discusses the findings of this study in relation to the process of email tracking, privacy risks posed by email tracking, privacy-impacting features contained by email clients, and suggested defense strategies against email tracking.

CSO Online reports "New Research Details the Privacy Implications of Email Tracking"

As indicated by a survey conducted by Venafi, many organizations often neglect to examine encrypted traffic within their networks. As the encryption of traffic by organizations as well as the use of machine identities increases, the risk of cyberattacks grows. Security experts at Venafi have highlighted ways in which the exploitation of encrypted tunnels could be used to attack organizations. This article further discusses the importance of actively securing encrypted tunnels and five ways in which encrypted tunnels could be used against organizations.

Help Net Security reports "How Attackers Can Take Advantage of Encrypted Tunnels"

Researchers at Duo Security have discovered a new strain of ransomware, which targets Mac users as it attacks the firmware of Apple Mac computers. Analyses of 73,000 Mac computer systems have revealed the lack of security updates being received by the Extensible Firmware Interface (EFI), which is present within all Mac hardware. The insecurity of this firmware leaves users susceptible to significant security threats. This article further discusses the discovery this new strain of Mac ransomware and its potential impacts on users.

ITProPortal reports "Major Strain of Mac Ransomware Discovered"

Senior security consultant at IOActive, Alejandro Hernandez, has discovered a number of vulnerabilities during the examination of 21 popular mobile stock trading applications. The exploitation of these vulnerabilities can allow hackers to perform malicious activities such as selling a user's stock, gathering personal financial information on a user through snooping, and pilfering money. Vulnerabilities discovered to be contained by mobile trading apps include the exposure of user passwords in cleartext, unencrypted storing of sensitive data, the use of unencrypted HTTP channels, and more. This article further discusses the vulnerabilities discovered during this investigation, what hackers could do when these flaws are exploited, and ways in which the security posture of trading platforms could be improved.

The Register reports "Mobile Stock Trading Apps Riddled with Security Holes"

As the cyberthreat landscape continues to grow in complexity, traditional security measures such as firewalls and antivirus software are becoming highly insufficient in the fight against sophisticated cyberattacks that are being launched today. Organizations are encouraged to consider more advanced strategies in securing sensitive data from such attacks. The use of artificial intelligence technology applies machine learning to improve upon the performance of cyberthreat detection systems through training. This article further discusses the capabilities of machine learning and the use of data in the training process for machine learning and other artificial intelligence (AI) applications.

SIGNAL Magazine reports "Training Machine Learning for Cyberthreats"

Registration is now open for the 2017 Codebreaker Challenge, which is a contest developed by the National Security Administration (NSA) in support of developing the cybersecurity skills of university students. This contest invites college students to perform reverse engineering to improve upon tactics against malicious cyber activities. This article further discusses the skills that must be applied and the tasks that must accomplished in this challenge, the scenario provided by this challenge, along with the results and participants of this challenge in 2016.

Voice of America reports "NSA Invites Students to 'Hack Us!'"

Bank ATM networks within the United States and Canada are expected to face an influx of cyberattacks in 2017 according to a report published by Europol's European Cybercrime Centre (EC3) and Trend Micro. This report provides details on a variety of different physical and network-based malware attacks on ATMs, which could allow the theft of money and credit card data. Due to the increased development, availability, and distribution of ATM malware within the underground internet, such attacks are expected to be launched in larger regions. This article further discusses what the report provides in pertinence to ATM malware attacks, how public and private organizations could use this report, as well as network-based ATM attacks that have been launched in Eastern Europe.

SC UK reports "More ATM Network Attacks Expected, US and Canada to Be Targeted"

A team of researchers at the University at Buffalo have developed a computer security system in which biometric scanning is performed on the dimensions of a person's heart for identification. This new form of biometric identification measures and monitors the dimensions of the heart such as its shape and size, as well as its movement to identify a person. Low-level Doppler radar is used to measure and continuously monitor a person's heart. This article further discusses this advancement in biometric identification, where this technology will be presented, the expected use of this system, and the advantages that this system has over current biometric identification tools.

R&D reports "Researchers Investigate Heart Scan for Computer Security Identification"

The Trusted IoT Alliance has been formed among blockchain technology companies and enterprises such as Cisco, Gemalto, and Bosch. This alliance is in support of the development and establishment of a standard to be followed by an open source blockchain protocol, which will improve upon the integrity of the IoT ecosystem. This article further discusses the use of blockchain technology in the advancement IoT device security and more details on the goals of this alliance.

Help Net Security reports "Setting the Standard for a Blockchain Protocol for IoT"

A team of researchers at Positive Technologies have demonstrated how the exploitation of vulnerabilities within the Signaling System 7 (SS7) protocol could allow malicious actors to perform a number of malicious activities such as gaining access to Gmail accounts and Coinbase accounts to steal funds. SS7 is a telecommunications standard used in the transportation and exchange of data. This article further discusses the use of the SS7 protocol, what can be performed by attackers with the exploitation of vulnerabilities within this protocol, and notable attacks that have exploited SS7 vulnerabilities.

Cyber Defense Magazine reports "Researchers demonstrate how to steal Bitcoin by exploiting SS7 issues"

Ransomware is expected to increasingly target mobile devices such smartphones and tablets as tools and services for performing such attacks on these devices become more accessible to cybercriminals via the dark web. According to researchers from SecureWorks' Counter Threat Unit (CTU), the variation of ransomware has expanded as 200 new ransomware variants have been discovered in 2016, an increase of 122% from 2015. CTU researchers have also discovered a number of different types of malware being advertised for sale within the dark web, which are capable of performing acts of ransomware on Android smartphones such encrypting files and demanding payments in addition to spying on the device's functions. This article further discusses the expected growth of mobile ransomware, malware that is being sold in the dark web that indicate this growth, techniques used in the launch of mobile ransomware on browsers, along with the growth of business email compromise (BEC) and business email spoofing (BES).

Dark Reading reports "Mobile Ransomware Hits Browsers with Old-School Techniques"

A team of researchers at the Stevens Institute of Technology have released a paper, detailing a method in which they use machine learning systems to predict the passwords that users will use. The technique demonstrated by researchers called "PassGAN", uses a generative adversarial network composed of two machine learning systems. Through the feeding of plain-text passwords gathered from a previous leak, the machine learning system is able to figure out the rules used by people in the generation of their passwords. This article further discusses ways in which password-stealing attacks can be performed and the demonstration of PassGAN by researchers.

The Register reports "AI Slurps, Learns Millions of Passwords to Work out Which Ones You May Use Next"

The Defense Advanced Research Projects Agency (DARPA) aims to improve the automated detection of social engineering attacks with its Active Social Engineering Defense (ASED) program. This program proposes the use of bots in the discovery and recognition of social engineering campaign sources. Bots will also be used to mediate in the event that a victim is under attack. The validation and disclosure of the potential attacker's identity and details of the attack will also be improved with the use of bots. This article further discusses the proposed capabilities and benefits of the ASED program.

GCN reports "DARPA enlists bots to fight social engineering"

Miners are one of the classes of malware that have increasingly been encountered by users recently. Malicious threat actors could collect cryptocurrency by deceiving unsuspecting users into installing mining software on their computer systems. Threat actors could also exploit vulnerabilities within the mining software to receive cryptocurrency. This article further discusses recent detections and observations pertaining to the propagation, operation, and impacts of concealed cryptocurrency mining.

Securelist reports "Miners on the Rise"

A report released by the security vendor, SecureWorks, says that tools used in the performance of malicious cyber activities are becoming more affordable, thus increasing the accessibility to such tools for cybercriminals. Less-skilled cybercriminals could purchase malware, ransomware, spam botnets and more at affordable prices within the underground internet. This article further discusses the tools and activities that can be accessed and performed within the underground internet by cybercriminals, along with the increased accessibility to services within this online criminal landscape.

ZDNet reports "Low-Cost Tools Making Cybercrime More Accessible: SecureWorks"

You Get Where You're Looking For: The Impact of Information Sources on Code Security (Free Open Access Copy) by Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky is the Winner of the 5th Annual Best Scientific Cybersecurity Paper. These researchers are at CISPA, Saarland University in Germany and at The University of Maryland, College Park in the United States.

The Cyber Diplomacy Act of 2017 has been introduced by a bipartisan group of Representatives that would create an Office of Cyber Issues at the State Department as well as require the development of a public international cyberspace strategy by the federal government. The passing of this bill would also require supervision over international cyber agreements by Congress. This article further discusses the proposal of this bill, the importance of a clearly-defined cyberspace strategy, and duties that would be performed by Office of Cyber Issues leader.

SC U.S. reports "Bill Creating an Office of Cyber Issues in the State Department Proposed"

A survey conducted by Ponemon Institute finds that most organizations acknowledge the importance of threat intelligence in achieving a strong security posture. However, many of the organizations that participated in this survey, still find it difficult to maintain the copious amounts of threat data as well as sustain skilled staff, which are both essential in the performance of threat intelligence programs. This article further discusses key findings of this survey in relation to the value and use of threat intelligence sharing, challenges faced by organizations in the management of threat intelligence, along with suggestions in maximizing the effectiveness of threat intelligence.

Help Net Security reports "Organizations struggle to maximize the value of threat intelligence"

Analysis conducted by Kromtech Security Center has revealed that 15,000 Elasticsearch servers are insecure with 4,000 of those servers hosting point-of-sale (POS) malware strains by the names of Alina and JackPos. These servers are insecure as they lack authentication, allowing hackers to perform a number of malicious activities such as stealing and ruining data. This article further discusses the insecurity of Elasticsearch servers along with POS malware strains Alina and JackPoS.

Threatpost reports "Thousands of Elasticsearch Servers Hijacked to Host PoS Malware"

A team of researchers at the University of Edinburgh discovered a method, which hackers could use to interreupt messages in their transmission between fitness trackers and cloud servers. In the demonstration of this method, researchers were able to gain access personal information and generate fake activity records of users. Researchers have also demonstrated how end-to-end encryption used by these devices, could be bypassed. This article further discusses how the exploitation of vulnerabilities within wearable fitness trackers poses a threat to the security and privacy of user data, discoveries made by researchers in the study of wearable fitness tracker security, along with Fitbit's response to this discovery.

Phys.org reports "Fitness Trackers Could Benefit from Better Security, Study Finds"