News Items

Researchers who investigate the Dark Web are seeing an increase in the distribution of stolen company data by rogue employees. Researchers have seen rogue employees selling data stolen from the organizations at which they are employed as well as the access to this data in the underground markets. According to researchers, most of these rogue insiders work for financial and telecommunications companies. Telecommunications employees were found selling sensitive information such as text message logs and geolocation data from SIM cards, which could be used by attackers to harm VIPs or government employees. Rogue financial firm employees have been seen selling customer banking data and information that could be used for insider training. This article continues to discuss the growth in rogue employees inside the Dark Web, what type of stolen information they are selling, the processes of insider recruits in the underground markets, and the threat posed by rogue insiders.

Dark Reading reports "When Rogue Insiders Go to the Dark Web"

Vasileios Chatzistefanou and Konstantinos Limniotis, researchers at the Open University of Cyprus, did a study on the security of five anonymous social media applications to find out if they allow third parties to access personal data or track users. The anonymization of personal data is supposed to ensure that users' privacy is protected from data mining and data publishing systems. However, user privacy is not guaranteed despite the removal of personal identifiers. Characteristics of the data can be used to create a unique fingerprint through the application of different techniques. This fingerprint can then be used to determine the identity of a user. This article continues to discuss the aim of data anonymization, the characteristics that can be used to identify users in a data set, and findings of personal data processing in anonymous applications.

TechXplore reports "Can Anyone Be Completely Anonymous?"

Security researchers at CyberArk discovered a vulnerability in Microsoft's login system that could have allowed attackers to hijack users' accounts. According to researchers, attackers could have exploited the bug to steal account tokens, which are granted to users by websites and apps to enable them to access their accounts without having to re-enter their passwords. The researchers discovered the use of unregistered subdomains linked to some highly trusted apps developed by Microsoft to generate access tokens. Once an unsuspecting victim clicks on a malicious link contained by an email or website, their account token is stolen. This article continues to discuss the bug found in Microsoft's login system, what the exploitation of this bug could have allowed attackers to do, and how Microsoft responded to this discovery.

TechCrunch reports "A Bug in Microsoft's Login System Put Users at Risk of Account Hijacks"

A new study conducted by researchers at the University of Birmingham suggests the correlation between a country's cultural values and their commitment to cybersecurity regulation. The study suggests that web users in more competitive national cultures are more likely to be risk-takers, calling for stricter regulation, while web users in less competitive cultures take fewer risks, prompting lighter cybersecurity regulation. For example, China's culture is more competitive, thus creating more risk-taking web users and resulting in the enforcement of stricter cybersecurity regulation. Risky behavior in regard to cybersecurity, personal data, privacy, cybercrime, and negligence includes, but is not limited to using unsecured Wi-Fi connections, allowing web browsers to remember passwords, and visiting potentially harmful websites on devices that do not have anti-virus protection software installed. This article continues to discuss the study and its findings in relation to how cultures contribute to global differences in online regulation.

EurekAlert! reports "Cultural Differences Account for Global Gap in Online Regulation"

There are multiple vulnerabilities associated with how the new messaging standard aimed at replacing SMS (Short Message Service) is being implemented by carriers. In some instances, carriers' implementation of the communication protocol, RCS (Rich Communication Services), creates major vulnerabilities that could be exploited by attackers to track a user's location, intercept messages, spoof phone numbers, and more. In one case, a carrier's implementation of RCS allowed an app to download a user's RCS configuration file, which enabled the app to have access to voice calls and text messages. In another case, researchers discovered that the six-digit code used by a carrier for user identity verification could be guessed through the execution of a third-party brute-force attack. This article continues to discuss the aim of RCS, the vulnerabilities being created by the way carriers are implementing RCS and GSMA's response to the RCS implementation issues discovered by researchers.

The Verge reports "Bad RCS Implementations Are Creating Big Vulnerabilities"

The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) wants a vulnerability disclosure policy in place for every federal agency. Each federal agency would be required to create a formal process for security researchers to safely and legally disclose the vulnerabilities that they discover in the agency's public-facing websites, as well as security flaws found in other IT infrastructure. The implementation of vulnerability disclosure policies would alleviate concerns among public security researchers about the violation of laws when disclosing discovered security vulnerabilities to the government. The proposed directive would require agencies to create a web-based system for receiving information from researchers about potential vulnerabilities, develop a vulnerability disclosure policy, set clear limitations regarding hacking methods, and more. This article continues to discuss the directive proposed by CISA and the importance of establishing vulnerability disclosure policies.

NextGov reports "CISA Wants a Vulnerability Disclosure Program At Every Agency"

Human behavior is one of the biggest threats when it comes to cybersecurity. The education system teaches children not only with elementary competencies but also equips them with at least some of the skills that they'll need to navigate their daily lives successfully. In our technology-infused era, it is now argued that also basic cybersecurity skills are among the kinds of skills that help people thrive in life. At the moment, there is a program called Cybersecurity Education Training Assistance Program that is run by the US Department of Homeland Security.

According to a new report released by Risk Based Security, if a company only uses the Common Vulnerabilities and Exposures (CVE) system or National Vulnerability Database (NVD) to gain insight into vulnerabilities, they are vulnerable to a significant number of security issues as 33% of disclosed flaws are missing from the CVE/NVD. Researchers at Risk Based Security have identified 5,970 more vulnerabilities than what is included in the CVE/NVD. Researchers also found that many of the disclosed flaws that are not reported in the CVE/NVD are considered to be high risk or critical. As the CVE/NVD only lists flaws disclosed directly by security vendors and researchers, thousands of flaws that are reported in other ways are not getting included in these sources. This article continues to discuss the absence of major security flaws in the CVE/NVD, the reliance on these sources for vulnerability information, the different ways in which researchers disclose flaws, and the companies that disclosed the most flaws in their products last year.

Dark Reading reports "Most Organizations Have Incomplete Vulnerability Information"

Point-of-sale (PoS) systems used at popular NYC restaurants, including Catch NYC, Catch Roof and Catch Steak were found to contain malware that could allow attackers to search for track data read by PoS devices from payment cards. The data includes cardholder names, card numbers, expiration dates, and internal verification code. The discovery emphasizes the importance of applying encryption on all connections. According to the Catch Hospitality Group, which owns the three restaurants, the malware was removed and additional security measures were implemented to improve the protection of payment card data. PoS malware is expected to be a major concern for retailers during the holiday season. This article continues to discuss the credit card data scraping malware found on PoS systems in popular Catch restaurants, the response to the discovery of this malware, incidents of PoS malware infections faced by other large brands, and why PoS systems are an easy target for cybercriminals.

Threatpost reports "PoS Malware Exposes Customer Data of Catch Restaurants"

A team of researchers at Glasgow Caledonian University and COMSATS University in Pakistan developed a new intrusion detection scheme to improve the security of information shared via the internet. The proposed scheme is based on the Artificial Bee Colony (ABC) algorithm and the Random Neural Network (RNN-ABC). The intrusion detection RNN-ABC scheme was trained on the NSL-KDD Train+ dataset, which is a dataset used in the training of algorithms to identify the performance of cyberattacks. According to researchers, their scheme has been successful at classifying novel cyberattacks with an accuracy of 91.65%. This article continues to discuss the intrusion detection RNN-ABC scheme in relation to its level of accuracy and how it compares with an existing intrusion detection system based on Hybrid Multilayer Perceptron (MLP), along with the security threat posed by the growth of Internet of Things (IoT) devices.

TechXplore reports "A Model to Classify Cyberattacks Using Swarm Intelligence"

In a new study, researchers surveyed 1045 IT professionals worldwide to name their top five IT projects for the year 2020. The research concluded that 74 percent of the respondents identified data security as their top IT priority for 2020. 54% of respondents want to focus on automating manual tasks. 43% of organizations ranked data privacy among their top five priorities; 52% of them are subject to privacy regulations. 33% of organizations intend to focus on digital transformation, integrating their existing solutions, and performing cloud migrations. 20% of organizations are planning on addressing the IT skills shortage either through education of existing IT personnel or talent acquisition in 2020. And interestingly, AI was not chosen by many organizations to be one of their main focuses in 2020. Only 14 percent of large organizations (10,000-50,000 employees) stated that they were going to focus on deploying AI-based solutions in 2020.

Help Net Security reports: "Data Security and Automation top IT Projects for 2020, AI not a Priority"

SoS Research Profile: KU Leuven, Belgium

It has been discovered that telecommunications operator T-Mobile was victim of a data breach. The breach was reported to authorities on November 21st. This breach has affected an undisclosed number of customers. The number of individuals is said to be small, and the breach only impacted customers using T-Mobile's prepaid services. Users' financial data, social security numbers, and passwords were not compromised. The data that was accessed includes name, billing address, phone number, account number, rate plan, and added features. Anyone who is notified about being breached should change their password immediately.

United States Cybersecurity Magazine reports: "T-Mobile Reveals Data Breach Affecting Prepaid Customers"

Security researchers are cautioning consumers about the spike in cybercrime that usually occurs during the holiday season when people do more online shopping. Consumers should be aware of the expected increase in cybercriminal activities such as the performance of phishing scams, creation of fake shopping sites, deployment of card skimming software, and more. Security experts have provided tips for consumers on how to avoid falling victim to these cybercrimes, which include keeping security software updated, using strong passwords, making sure browsers support SSL encryption, using virtual private networks, and avoiding phishing links. This article continues to discuss the different ways in which cybercriminals can take advantage of unsuspecting consumers and what consumers can do to protect themselves when shopping online.

CSO Online reports "Your Holiday Guide to Safe Cybershopping"

IBM has launched Cloud Pak for Security, a platform aimed to address cybersecurity threats across multicloud and hybrid environments, and helping security teams increase the speed at which they respond to cyberattacks. The platform is said to be the first to use open-source technology developed by IBM to search and translate security data from different sources. Cloud Pak for Security can connect with any security tool, run in any environment, connect data sources to gain security insights without having to transfer data, and connect security workflows to a unified interface to speed up security teams' incident response times. As organizations are increasingly adopting new security technologies to keep up with the evolving cyber threat landscape, they are using disconnected tools that may not work well together all the time. This issue can be addressed by using open technologies and unified platforms such as IBM Cloud Pak for Security. This article continues to discuss the design and capabilities of this new platform.

PR Newswire reports "IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds"

In new study, 1,900 senior IT decision-makers and IT security pros in the U.S., Canada, U.K., Mexico, Middle East, Australia, Germany, Japan, France, India, and Singapore across major industry sectors were surveyed to see how fast they could detect intruders. The majority of respondents (80%) reported that in the past 12 months, they have been unable to prevent intruders on their networks from accessing their targeted data, with 44% of the participants pointing to being too slow to detect intruders as the cause. Currently, 95% of respondents surveyed, fell short of meeting the three-time standards of detecting intruders. Out of the individuals surveyed, only 11% of respondent organizations can detect intruders in under one minute, 9% can investigate an incident in 10 minutes, 33% can contain an incident in 60 minutes, and only 5% can do all three. The average time for an organization to detect an attack, investigate an attack, and contain an attack takes an average of 162 hours.

Help Net Security reports: "Only 11% of Organizations Can Detect Intruders in Under One Minute"

GitHub recently announced the launch of a new Security Lab. The purpose of the GitHub Security Lab is to improve upon the security of open source software. The new Security Lab will improve the coordination of efforts among researchers, developers, code maintainers, and organizations to address security vulnerabilities contained by open source software. The Security Lab has a dedicated team of security researchers that will work with peers from other organizations to detect security vulnerabilities in open source projects and report the bugs. In addition, developers and maintainers will collaborate in the development of patches for the disclosed flaws. This article continues to discuss the new Security Lab launched by GitHub and how this initiative will improve the security of open source software, along with the growing concern surrounding the vulnerabilities in such software.

Dark Reading reports "GitHub Initiative Seeks to Secure Open Source Code"

5G is the next generation of wireless technology that is expected to improve upon bandwidth, capacity, and reliability. However, new security vulnerabilities are expected to emerge in conjunction with the arrival of 5G networks. Although 5G networks are already going live in major cities around the world, researchers are still finding major security vulnerabilities in the 5G specification. Researchers from Purdue University and the University of Iowa recently gave a presentation at the Association for Computing Machinery's Conference on Computer and Communications Security in which they discussed 11 new design issues they discovered in 5G protocols. Using a new custom tool, called 5GReasoner, the researchers discovered these flaws that could allow attackers to expose a user's location, track communication, increase wireless bills, and more. This article continues to discuss the discovery of security flaws in the 5G standard and GSMA's response to these findings.

Wired reports "As 5G Rolls Out, Troubling New Security Flaws Emerge"

In a new study, researchers analyzed suspicious domains targeting 20 major retailers in the U.S., U.K., France, Germany, and Australia. They discovered over 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted. The growth in the number of look-alike domains has more than doubled since 2018, outpacing legitimate domains by nearly four times. The researchers also discovered that the total number of certificates that used look-alike domains is more than 400% greater than the number of authentic retail domains. Retailers are often targets of cybercriminals, one top U.S retailer, in particular, has over 49,500 look-alike domains targeting their customers. Over half (60%) of the look-alike domains that have been discovered use free certificates from Let's Encrypt.

Help Net Security reports: "Trusted Certificates make Phishing Websites Appear Valid"

Cyberattacks are expected to increase during the holiday season when consumers do more online shopping. Security researchers at Venafi have discovered more than 100,000 phishing sites masquerading as legitimate sites belonging to popular retailers. According to researchers, these copycat phishing sites are using trusted, valid TLS certificate to appear legitimate, increasing the chances of success at tricking consumers into entering sensitive account and payment information. The lookalike domains target top retailers in the U.S., U.K., France, Germany and Australia. This article continues to discuss the increase in holiday e-commerce sales from 2017 to 2018, the expected increase in cyberattacks during the holiday season, the discovery of 100,000 malicious domains posing as legitimate retailers, and the significant leap in the number of copycat sites.

Threatpost reports "Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers"

New research has lead to the discovery of a new hacking group. The hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S. Postal Service. They do this to plant malware in victims' devices and networks via phishing campaigns. They have been successful, and the malware they deliver through their emails includes backdoor Trojans as well as certain strains of ransomware.

Bank Info Security reports: "Phishing Campaigns Spoof Government Agencies: Report"

It has been discovered that there is a new bug affecting Facebook's iOS application. While using Facebook's iOS app, it activates the iPhone owners' cameras while they scroll through their news feeds. The bug started when the company tried fixing an issue, with the way Facebook's iOS app launched. A Facebook representative commented that "They inadvertently introduced a bug that caused the app to partially navigate to the camera screen adjacent to News Feed when users tapped on photos. We have seen no evidence of photos or videos being uploaded due to this bug." Facebook has reported the bug to Apple to be fixed. Even though this was a mistake, it is causing users of Facebook to be more worried about their privacy.

CyberScoop reports: "Facebook Confirms Bug That Activated iOS Cameras"

In a new study, it has been found that healthcare organizations are being increasingly targeted by attackers because they are seen as an easy target. In the first 9 months of 2019 alone, there has been a 60% increase in trojan malware detections. The rise has been particularly significant in the third quarter of this year, with an 82% increase in detections when compared with the previous quarter. Trickbot and Emotet are the most common forms of trojan malware targeting the health sector. These trojans can be used as a gateway to deliver other malicious payloads, and have been used to drop ransomware onto compromised systems

ZDNet reports: "Malware Attacks on Hospitals are Rising Fast, and the Problem is About to get a lot Worse"

Brenda So and Trey Keown, security researchers at Red Balloon Security Inc., discovered flaws in ATMs manufactured by Nautilus Hyosung America, the leading provider of ATMs to retail and financial institutions in the U.S. The exploitation of these vulnerabilities could allow hackers to steal cash, credit card data, debit card data, and other personal financial information. According to the researchers, if a hacker were to gain access to the network to which a targeted ATM is connected, they could hijack the machine and circumvent the security measures that were implemented for it. These vulnerabilities only impact retail versions of Nautilus ATMs. In addition, the researchers also brought further attention to the availability of master keys to the ATMs for purchase on Amazon. This article continues to discuss the vulnerabilities found in Nautilus ATMs, what the exploitation of these vulnerabilities could allow criminals to do, how many machines have been impacted by the security flaws, and how Nautilus Hyosung America responded to this discovery.

Bloomberg reports "Nautilus ATM Flaws Could Allow Hackers Access to Cash, Data"