News Items

A survey conducted by Thycotic at the Black Hat 2017 conference reveals the perspectives of hackers on the protection of critical data. According to the survey, hacking privileged accounts is the pathway that is most preferred by hackers to gain quick and easy access to critical data. Survey results also indicate that human behavior is a bigger contributing factor to the breach of data than inadequately secure software. This article further discusses the results of the survey in relation to hackers' perspectives on traditional cybersecurity tools and solutions, along with the current focus of hackers.

Infosecurity Magazine reports "Hackers See Privileged Accounts as Best Route to Sensitive Data"

The National Association of State Chief Information Officers (NASCIO) have identified cybersecurity as the top priority above other priorities pertaining to policy and technology. The discussion of cybersecurity often places focus on the systems side such as hardware and software, however the human side is a critical element as well. Inadequate training and awareness in relation to cybersecurity within workforces, poses significant threats of cyberattacks. Therefore, governments are taking more action to improve upon cyber-hygiene. This article further discusses ways in which cyber-hygiene can be supported in the workplace and common cyberthreats that employees encounter.

Government Technology reports "Hackers' Little Helpers: Employees With Bad 'Cyberhygiene'"

Dashlane, a password management service, conducted a new study that reveals the quality of password policies implemented by popular web services such as Amazon, Dropbox, QuickBooks, and more. The study conducted, analyzed 40 popular online portals using a set of five rules to evaluate the enforcement of password protection on each service. Rules used by Dashlane in this study, evaluates requirements in the creation of passwords, password creation feedback, brute-force protection, and two-factor authentication. This article further discusses the results of the study, suggestions for creating secure passwords, and ensuring secure password creation without inconveniencing users.

Security Intelligence reports "Poor Password Policy? New Study Probes Prevalent Protection Problems"

The International Data Sanitization Consortium (IDSC) has been developed by a group of security experts to provide guidance in the process of properly sanitizing data on hardware devices such as hard drives within data centers, medical equipment, automobiles, wearables, and more. The reformatting and resetting of hard drives is ineffective in the sanitization of data from hardware devices as easily accessible forensics tools can be used to recover deleted files. This article further discusses the purpose of the IDSC, common misconceptions surrounding the process of sanitizing data, and the importance of implementing a mature data security lifecycle policy.

Dark Reading reports "New Consortium Promotes Proper Data Sanitization Practices"

The Synopsys' State of Fuzzing 2017 report reveals that open source protocols and common file formats used within six different industries, likely contain zero day exploits. The report derives from more than 4.8 billion fuzz tests performed by users of Synopsys's Defensics Fuzz Testing tool in 2016. Fuzz testing is a technique in which distorted input is sent to targeted software in order to discover vulnerabilities within the software. This article further discusses the findings of the report, the method of fuzzing, and the importance of utilizing fuzz testing in the development of software.

SDTimes reports "Fuzz testing finds industries left vulnerable by unsecured software"

Researchers at Skyhigh Networks have discovered attacks targeting Microsoft Office 365 accounts of senior employees within a wide range of Fortune 2000 companies. These attacks have been launched through the use of cloud infrastructure to perform extremely stealthy brute force attacks, which brings attention to the increasingly complex security challenges faced by companies in the adoption of cloud services. This article further discusses recent cloud-on-cloud attacks, how they were discovered by researchers, difficulties in identifying the perpetrators behind these attacks, and issues faced in the transition into the cloud.

CyberScoop reports "Hackers use 'cloud-on-cloud' attacks to evade detection, attribution"

Scientists at the University of Washington in Seattle have developed the first biological malware that is capable of successfully taking over a computer. Researchers were able to demonstrate this hack by encoding malicious software into DNA then using it to remotely take control over any computer that analyzes DNA samples read by a DNA sequencing machine. This article further discusses the development of DNA malware by researchers, how much of a threat it currently poses to security, how it could potentially be used by hackers in the future, and the importance of maintaining the security of bioinformatics software.

MIT Technology Review reports "Scientists Hack a Computer Using DNA"

UpGaurd researchers have discovered an open port in which hackers could use to exfiltrate data from the servers of Power Quality Engineering (PQE), a Texas-based firm. The discovery was made as Chris Vickery, UpGaurd Director of Cyber Risk Research, was able to extract 205 GB of exposed data from PQE's servers through a misconfigured open port configured for public access and used rsync server synchronization. Data exfiltrated from PQE's servers by Vicker, includes documents such as reports consisting of electrical infrastructure data belonging to customer facilities. This article further discusses the details of this discovery and the importance of closing security gaps.

Help Net Security reports "How a port misconfiguration exposed critical infrastructure data"

Researchers at Germany's Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) have added profile-based anomaly detection software for security information and event management (SIEM) systems to help in the management of large amounts of data that is usually generated by SIEM systems. The implementation of PA-SIEM would allow cyberattacks to be detected faster by the scanning of anomalies instead of the traditional reliance on predefined rules. This article further discusses the process of PA-SIEM and the inadequacies of SIEM.

eSecurity Planet "Researchers Add Profile-Based Anomaly Detection to SIEM"

Troy Hunt, a security researcher, has developed a new tool to help people discover if their current or older passwords have been compromised in data breaches. This tool by the name of "Pwned Passwords" is website that allows users to enter a password to see if it is included within a database of 320 million breached passwords. These passwords come from major data dumps of online services such as LinkedIn, Myspace, and Adobe. This article further discusses this tool, along with how it could improve upon password creation and use.

Wired UK reports "Sorry 'cyberwarrior', your password is pwned along with 320m others"

Protecting systems against malware is an ongoing battle for security researchers as malware authors continue to improve upon the methods of which their malware attacks defeat anti-malware software. As malware authors encrypt their malware programs, the process of analyzing malware require analysts to run malicious code on their own computers in order to discover how the malware manages to compromise a computer network or system, travel throughout a system, and perform actions. A program created by Shabnam Aboughadareh, called SEMU, addresses issues pertaining to the analysis of malware attacks on both low and high technological levels. This article further discusses the processes of analyzing and running malware, problems faced in the analysis of malware programs, and how SEMU addresses these problems.

The Conversation reports "Inside the fight against malware attacks"

According to Zscaler, a cloud security company, there has been a significant increase in the use of Secure Sockets Layer (SSL) encryption by malware authors and operators for the circumvention of detection and concealment of communication in malware launchings. SSL is expected be used more as it provides attackers with an additional layer to hide communications of malicious programs. This article further discusses the observed increase in the use of SSL by malware authors, other techniques used by attackers to avoid detection, and other growing threats.

eWeek reports "More Hackers Building SSL Encryption into Malware, Zscaler Finds"

As indicated by a recent influx of mobile malware incidents in the first quarter of 2017, mobile devices are increasingly becoming targeted by more advanced cyberattacks. Though companies such as Apple and Android have placed more effort into developing more secure operating systems, mobile malware still continues to be developed into highly complex attacks. Mobile threat researchers have identified five new threats to the security of mobile devices that could have major impacts on businesses, which include enterprise-class spyware, mobile botnets, IoT, dead apps, along with ad and click fraud. This article further discusses what contributes to the rise of mobile attacks on enterprises and five new threats to the security of mobile devices.

CSO Online reports "Five new threats to your mobile device security"

The latest modification of the notorious mobile banking malware family by the name of "Svpeng" - Trojan-Banker.AndroidOS.Svpeng.ae adds on new keylogger functionality that could allow cybercriminals to steal entered text by abusing accessibility services. Researchers reveal that accessibility services, which are provided for user interface (UI) enhancements for users with disabilities, can be abused to enable the Trojan to steal entered text, manipulate permission settings, and prevent the uninstalling of the Trojan. This article further discusses the malicious activities performed by the mobile malware family, the attack process of this Trojan, and how extensive its deployment has been thus far.

Homeland Security News Wire reports "New mobile banking Trojans"

A new survey conducted by SANS reveals that organizations are increasingly recognizing malicious insiders as the greatest threat to their systems. There are several factors that can lead to the performance of insider threat activities such as demotion, unsatisfactory review, violation of data loss prevention, and much more. Though this threat vector is receiving more attention, many organizations still lack sufficient tools and processes for addressing it. This article further discusses the findings of this survey as well as what type of tools and processes need to be implemented in order to identify malicious insiders.

Help Net Security reports "Most damaging threat vector for companies? Malicious insiders"

A vulnerability within the popular Amazon Echo device has been discovered by researchers at MWR InfoSecurity that could be exploited to enable attackers to secretly eavesdrop on users and steal sensitive data. Researchers reveal that this vulnerability is only contained by 2015 and 2016 editions of the Amazon Echo. This article further discusses how researchers have demonstrated this attack, Amazon's response to this discovery, how impactful this type of attack can be, and ways for users of the device to mitigate this attack.

SC UK reports "Researchers pwn Alexa, turning Amazon Echo into covert snooping device"

Cyber Apex Solutions, LLC, has been awarded a five-year Other Transaction Agreement (OTA) with a maximum value of $70 million by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to aid applied research of prototype cybersecurity technologies that would be used in the protection of critical infrastructure sectors against cyberattacks. Funding provided through this contract would help advance the assessment and transition of these prototype cyberdefenseses. Cyber Apex Solutions will work with the S&T Next Generation Cyber Infrastructure Apex (NGCI Apex) program. This article further discusses what the OTA provides, which sector of the critical infrastructure is currently being focused on, and how NGCI Apex and Cyber Apex Solutions will work together.

Global Security News Wire reports "Applied cybersecurity research for better protection of critical national infrastructure sectors"

In support of creating a common language for the management and reporting of cyber threats to government organizations and industries, the Office of the Director of National Intelligence is developing standard definitions to improve the communcation and understanding of shared threat intelligence. The office's Cyber Threat Framework functions as the foundation of this development. This framework aims to support a common approach to describing cyber threats as well as define common terms used in different contexts among organizations. This article further discusses the goals of this framework, the importance of developing a common vernacular in communicating cyber threat intelligence, and metrics in threat assessment.

SIGNAL Magazine reports "Creating a Common Language Of Cybersecurity"

ESET security researchers have brought attention to homograph attacks, which could potentially pose significant threats to users as it advances the act of spoofing. Fraudulent websites can be designed to appear secure as attackers could convert the usage of HTTP to HTTPs by acquiring a valid SSL/TLS certificate for the false site. Attackers could also replace characters within a URL with Unicode characters from non-Latin writing systems in order for the domain name to look valid at first glance. This article further discusses these attack techniques as demonstrated by a researcher by the name of Xudong Zheng, along with suggestions for avoiding such attacks.

We Live Security reports "Homograph attacks: Don't believe everything you see"

IOActive researchers have demonstrated the possibility of a hacker infiltrating an ATM machine to exploit a vulnerability, which could allow all of the money within the machine to be dispensed until complete depletion. This demonstration highlights the issue that any machine embedded with a chip or connected to the Internet, is susceptible to being hacked. This article further discusses how this attack was demonstrated by researchers, along with the importance of securing embedded systems and IoT devices.

TechRepublic reports "How one small hack turned a secure ATM into a cash-spitting monster"

Energy companies are being targeted by a new form of spear-phishing attack. CyberInt has discovered this attack to be difficult to detect as the distributed "lure" email consisting of an attached Word document does not contain any malicious code, making it undetectable by defenses implemented for monitoring incoming email. Alternatively, when the Word document is loaded, its template reference connects to an attacker's server using Server Message Block (SMB), which allows a Word template containing embedded malicious payloads to be downloaded. This article further discusses other discoveries about this attack and other incidents of cyberattacks targeting critical infrastructures.

Infosecurity Magazine reports "New Form of Cyber-Attack Targets Energy Sector"

Although incidents of cyberattacks targeting organizations are constantly headlined to promote awareness of such attacks, many businesses still lack sufficient tools and procedures for the protection of their systems and data. Cyber incidents pose major threats to a company's reputation, value, assets, and more. "Unified governance" is an approach that can help foster a business culture that supports cybersecurity through the combination of security, data management, and information governance. This article further discusses 10 essential steps that businesses can follow to create this culture of cybersecurity within their organizations.

Dark Reading reports "10 Critical Steps to Create a Culture of Cybersecurity"

Omer Gil, an information security team leader at EY Advanced Security Center, has discovered a way in which a web server could be deceived into caching pages and revealing sensitive information. This web caching attack is performed through the abuse of content delivery network (CDN) service capabilities to expose personal data and takeover accounts of authenticated users. Gil has revealed that many companies that utilize web caching services are susceptible to being targets of this type of attack. This article further discusses the discoveries made about this new attack and which company has been revealed to be vulnerable to it.

Threatpost reports "Novel Attack Tricks Servers to Cache, Expose Personal Data"

Healthcare has increasingly become one of the most targeted industries for cyberattacks as indicated by recent incidents of massive data breaches and ransomware attacks. Concerns pertaining to the potential hacking of connected medical devices have also arisen as the hacking of such devices could pose serious risks to human lives, in addition to health data and services. Cyber threats against the healthcare industry are likely to grow as connected technology becomes a more integral part of the healthcare system. This article further discusses ways in which attackers target heathcare with cyberattacks, why the healthcare industry has become such a target of cyberattacks, and how healthcare could be protected.

Phys.org "Why has healthcare become such a target for cyber-attackers?"