Cyber Attacks, Threats, and Vulnerabilities
Washington’s MedStar computers down for second day after virus (Reuters via Business Insurance) MedStar Health’s computer systems remained offline on Tuesday for the second straight day after the nonprofit, one of the biggest medical service providers in the U.S. capital region, shut down parts of its network to stem the spread of a virus
Two more healthcare networks caught up in outbreak of hospital ransomware (Ars Technica) New server-targeting malware hitting healthcare targets with unpatched websites
New Server-Side Ransomware Hitting Hospitals (Threatpost) Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub
Ransomware scum sling PowerShell, Word macro nasty at healthcare biz (Register) PowerWare does its dirty work via booby-trapped files
Warning over 'nasty' ransomware strain (BBC) The FBI is seeking help from US firms as it investigates a nasty strain of ransomware
New Ransomware Installers Can Infect Computers Without Users Clicking Anything, Say Researchers (iDigitalTimes) Ransomware infections have seen exponential growth in 2016, as security researchers report both old encrypting malware like Cryptolocker and new versions like Locky are utilizing craftier methods to attack machines and encrypt files before victims even realize what’s happened
Patch or Pay: 4 Recent Vulnerabilities Tied to Ransomware (Recorded Future) Hollywood Presbyterian Medical Center’s February ransomware attack was a wake-up call as a likely random attack significantly impacted a 434-bed acute-care facility
Taiwan targeted with new cyberespionage back door Trojan (Symantec) Backdoor.Dripion was custom developed, deployed in a highly targeted fashion, and used command and control servers disguised as antivirus company websites
Remotely Exploitable Flaw in Truecaller Leaves Millions of Android Devices Vulnerable (Cheetah Mobile) Recently, security researchers from the Cheetah Mobile Security Research Lab discovered a loophole in the popular phone call management application Truecaller
Badlock Vulnerability Clues Few and Far Between (Threatpost) Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website
Russian cyber criminal targets elite law firms (Crain's Chicago Business via Business Insurance) A Russian cyber criminal has targeted nearly 50 elite law firms, including four in Chicago, to collect confidential client information for financial gain
CNBC just collected your password and shared it with marketers (IDG via CSO) CNBC withdrew a story from its website Tuesday that described good password practices after a tool included in the piece actually collected and exposed the passwords. An exercise in password security went terribly wrong, security experts say
Repeated DDoS Attacks Force Coinkite Bitcoin Wallet to Close Down Web Service (Softpedia) Coinkite, one of the earliest Web-based Bitcoin wallet services, announced today plans to discontinue its service and focus on hardware-based Bitcoin products, all because of a barrage of relentless DDoS attacks
SportPursuit coughs to being hacked. When? What got nicked? They ain't saying (Register) Firm doesn't hold card details – except when it does
Grand Ole Opry owner victim of cyber 'spear phishing' of personnel info (Business Insurance) The operator of the Grand Ole Opry, among other properties, said it has fallen victim to a “spear phishing” scheme in which employee W-2 information was sent to cyber criminals
Chinese scammers take Mattel to the bank, Phishing them for $3 million (CSO) Thieves took advantage of a recent company shakeup and corporate policy regarding payments
From NY To Bangladesh: Inside An Inexcusable Cyber Heist (Dark Reading) A spelling error was the tipoff to last month's multimillion-dollar digital bank heist. But could multifactor authentication have prevented it in the first place?
Anonymous Rickrolls Kenyan Petrol Refinery as Part of Its Anti-Corporations Op (Softpedia) After resurrecting #OpCanary two days ago, Anonymous hackers are continuing their defacement spree with a new rickroll of another corporation, this time of Kenya Petroleum Refineries Limited, as part of their #OpAfrica campaign, an operation that also has an anti-corporations component
Security Patches, Mitigations, and Software Updates
New alerts for Gmail users targeted by state-sponsored attackers (Help Net Security) Since 2012, Google has been warning Gmail users when they have been targeted by state-sponsored attackers, but now the alert will be even more visible (and therefore less likely to be overlooked or ignored)
Cyber Trends
Top computing awards show growing importance of cybersecurity (Reuters) A California computer scientist who has studied the economics of cybercrime and pushed the auto industry to address hacking threats to vehicles will be awarded one of the world's top computing prizes on Wednesday, underscoring the central role that cybersecurity plays in business and government
Will compliance-driven investment help or hinder information security? (Ikanow) If information security is your objective, compliance should not be your north star. However, data show that for most organizations compliance is the driver of information security investment. That means compliance is also the objective and information security is not necessarily the intended outcome
FireMon State of the Firewall Report Highlights the Important and Changing Role Firewalls Play in Network Security (Firemon) Majority of survey respondents stated firewalls are as or more critical than ever, but also recognize the need to stay relevant given the increase of new technology implementations
BYOD Policies Struggle to Strike Balance Between Productivity and Security: Survey (Legaltech News) As productivity takes priority, employees' concerns over security and overtaxed IT departments plague BYOD adoption
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous (Part 2) (Legaltech News) Cybersecurity presents new challenges for the C-suite and those individuals directly responsible for corporate cybersecurity, IT and personnel
Infographic: One-third of CEOs are never updated on cyberattacks, survey finds (FierceITSecurity) A disturbing one-third of U.S. CEOs and other C-level executives are never updated on cyberattacks against their organization
Most Federal Agencies Have Suffered A Data Breach (Dark Reading) Vormetric report indicates that security spending in federal agencies hampers modern security techniques to safeguard critical data
Teens would sell their personal data instead of working (Naked Security) Teens are well aware of the value of their personal data
Marketplace
What's driving cyber spending in the federal market? (Washington Technology) For cybersecurity companies mapping out federal sales strategies in 2016 and beyond, it’s important to understand the nature and extent of the threat landscape that will influence buying decisions
Self-driving vehicles could change insurance landscape for carmakers, suppliers (Business Insurance) The spread of self-driving vehicles could have significant insurance implications for automobile manufacturers and suppliers, according to a report released Tuesday by Moody's Investors Service Inc
Software company acquires specialty property/casualty analytics firm (Business Insurance) Guidewire Software Inc. said Tuesday that it has acquired EagleEye Analytics
Dell's Risky Business: Cybersecurity (Forbes) Dell, Inc. is juggling so many cybersecurity brands it’s hard to keep track. If it gets too confusing, then CIOs, CISOs (chief information security officers) and IT security buyers may back off the Dell cyber products and services until they hear a cohesive message from the tech giant
Losses Nearly Doubled at Dell’s IPO-Bound SecureWorks (re/code) SecureWorks, the Dell-owned computer security firm that is on its way to an IPO later this year, posted a steeply higher loss in its most recent fiscal year, ended Jan. 29, according to its latest filing with the U.S. Securities and Exchange Commission
SAIC CEO: Scitor acquisition not a 'drag on our business' despite revenue declines (Washington Business Journal) Science Applications International Corp. (NYSE: SAIC) beat earnings estimates Tuesday and impressed Wall Street — the stock soared close to 10 percent by late morning
Security Startup Virta Labs Receives $750K Grant for Healthcare Security (PR.com) Virta Laboratories, Inc. provides comprehensive tools for cybersecurity risk management in healthcare
WashingtonExec Hosts Launch Party for Forcepoint (WashingtonExec) On February 23rd WashingtonExec helped host Forcepoint’s company launch party with over 50 guests from the defense, intelligence and civilian contracting sectors
Cybersecurity Defense Focus Strengths In UK (Pymnts) Cybersecurity defense groups are stepping in to help companies better protect their data and strengthen their security. Firms like BAE Systems, Raytheon, Ultra Electronics and others are bringing the expertise they have garnered over decades of helping governments and military forces to private entities in need of the same services
BlackBerry could stand to benefit after U.S. authorities hack iPhone (Business News Network) BlackBerry Inc. could benefit from the U.S. Federal Bureau of Investigation’s successful unlocking of the San Bernardino gunman’s iPhone as major smartphone makers look to shore up security on their devices
Unisys Beefs Up Executive Roster (CRN) Unisys appointed two new top-level executives this week, hiring Andy Stafford as the company's new senior vice president of services, a day after the company said Inder M. Singh would join as senior vice president, and chief marketing and strategy officer
Illumio Grows Investment in Talent With the Appointment of Emily Couey as VP of People (Sys-Con Media) Former Eventbrite executive to lead Illumio's employee growth and development as adoption of company's adaptive security technology grows rapidly
Bitdefender Promotes Mihaela Paun & Ciprian Istrate to Vice President Roles to Cement Gains in Consumer Business Operations (PRNewswire) Bitdefender has promoted Mihaela Paun to Vice President Consumer Sales and Marketing and Ciprian Istrate to Vice President Consumer Solutions, to further accelerate the impressive development of the company
Webroot Appoints Neil Stratz and Chad Bacher to Executive Team (PRNewswire) Industry veterans join Webroot leadership to drive global sales and lead product innovation
Products, Services, and Solutions
Free Bitdefender tool prevents Locky, other ransomware infections, for now (IDG via CSO) The tool tricks Locky, TeslaCrypt and CTB-Locker ransomware into believing that computers are already infected
Belkin's Portfolio Of Secure KVM Switching Solutions Earns NIAP Common Criteria Certification (PRNewswire) KVM leader sets benchmark for NIAP PP3.0 and introduces new products that secure the desktop while improving user experience and reliability
Microsoft's SCCM manages security patches, but might not be secure itself (FierceITSecurity) Adaptiva teams with Windows Management Experts to offer SCCM auditing service
Add IRM, data security and encryption to any app (Help Net Security) Vera launched its new IRM-as-a-Service (IRMaaS) product, allowing developers to use Vera’s data security platform to build encryption, tracking, policy enforcement, and access control into custom business applications
Web application security with Acunetix (Help Net Security) Securing the web applications of today’s businesses is perhaps the most overlooked aspect of securing the enterprise
CyberArk Earns U.S. Department of Defense UC APL Certification (BusinessWire) CyberArk is the first comprehensive privileged account security solution provider on the list of cyber security products approved for use within Federal Agency Infrastructures
Corero Network Security passes industry milestone (Proactive Investors) Cyber security group's flagship product earns praise in tests
Technologies, Techniques, and Standards
Providers should assess breach readiness after MedStar hack (Health Data Management) With reports from MedStar Health indicating that the system’s computer systems remain down a second day after a cyber attack Monday, providers have a new sense of urgency in ensuring they have firm plans for responding to a breach
What terrorism investigations can teach us about investigating cyber attacks (Network World) Security professionals need to ditch the IT-based approach to investigating breaches and take a page from their law enforcement counterparts
When it comes to cybersecurity, don't overlook staff education (FierceHealthIT) In April 2014, the FBI issued warnings about the healthcare industry's vulnerability to cyberattacks
Monitoring suspicious behavior of employees key to better cloud security (FierceITSecurity) Monitoring suspicious behavior of employees could be the key to better cloud security
Don’t get stuck with dead end User Behavior Analytics (Help Net Security) As the frequency of sophisticated cyberattacks continues to increase, User Behavior Analytics (UBA) has taken center stage
How to Prepare for a DDoS Attack (Radware) Our 2015-2016 Global Network & Application Security Report documented that 51% of businesses suffered a DDoS attack in 2015
5 Steps to Protect Your Small Businesses From a Data Breach (Business 2 Community) In today’s business climate there are many ways businesses face risks
Hunters: a rare but essential breed of enterprise cyber defenders (ComputerWeekly) They wait, they watch, they search the outer reaches of networks and the darkest corners of the web, setting traps, crafting tools, collecting evidence and going in pursuit: they are the hunters
Taking the pulse of your information security culture (Computerworld) Anyone who has been a manager in a company of a reasonable size understands the concept of corporate culture
Design and Innovation
Internet of Things Security Will Get "a Lot Worse Before It Gets Better" (Inverse) We have a long way to go before we can really trust the IoT
IoT device makers need to incorporate security early on, says Gemalto's Hart (FierceITSecurity) As Internet of Things device makers and service providers rush to deploy and connect IoT devices, the security risks associated with these devices are proliferating
Creating secure devices for the Internet of Things (Help Net Security) The Internet of Things (IoT) and subsequent explosion of connected devices have created a world of opportunities we might never have anticipated
A real life guide to protecting sensitive data in an IoT world (EnterpriseAppsTech) I attended the 2016 RSA Security Conference in San Francisco earlier this month. On the first day of the conference, the Trusted Computing Group (TCG) presented a half-day seminar entitled “Securing the IoT with Trusted Computing”
Academia
Air Force Association Announces New CyberPatriot Competition Award (Homeland Security Today) The Air Force Association (AFA) has announced the creation of a new recognition for exceptional CyberPatriot competitors
Legislation, Policy, and Regulation
Trident upgraded to protect against cyber attack (Telegraph) The Trident missiles will be updated amid growing worries defence computers and systems could be vulnerable to cyber attacks from Russia, China, groups such as Islamic State or organised crime gangs
Dunford: U.S. has work to do in cyber deterrence (FCW) The U.S. military still has a lot of work to do to improve its ability to deter adversaries in cyberspace, according to the country's top general
MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law (HIT Consultant) The FBI is investigating a Monday cyber attack by anonymous hackers that forced MedStar Health’s 10 hospitals and more than 250 outpatient centers to shut down their computers and email
Homeland Security subcommittee calls for strengthened cyber insurance role (Business Insurance) Insurer advocates are hailing a U.S. House of Representatives panel's examination of the role cyber insurance can play in risk management
Privacy watchdog chairman resigns two years before end of term (The Hill) The first-ever head of a small federal privacy watchdog is resigning this summer, a year and a half before his term ends in 2018
U.S. Secretary of Commerce taps Rapid7 CEO as an adviser (Boston Business Journal) The U.S. Secretary of Commerce has appointed Corey Thomas, CEO of Boston-based cybersecurity firm Rapid7, along with 16 other tech leaders from around the country to serve on the U.S. Commerce Department's Digital Economy Board of Advisors
Australia hunts copyright infringers with anti-piracy code boost (IT Pro Portal) Australia has recently published its “three strikes” anti-piracy code which may compel internet service providers to provide customers’ details to TV and movie studios after they have been warned over alleged copyright infringement three times.
Litigation, Investigation, and Law Enforcement
Court vacates iPhone hack order against Apple, focus shifts to New York (IDG via CSO) The order was vacated after the FBI said it had accessed data on a terrorist’s phone
US says it would use “court system” again to defeat encryption (Ars Technica) Feds say they can force entire tech sector, not just Apple, to disable security
Apple wants the FBI to reveal how it hacked the San Bernardino killer's iPhone (Los Angeles Times) Apple Inc. refused to give the FBI software the agency desperately wanted. Now Apple is the one that needs the FBI's assistance
How the FBI Cracked the iPhone Encryption and Averted a Legal Showdown With Apple (ABC News) An urgent meeting inside FBI headquarters little more than a week ago is what convinced federal law enforcement officials that they may be able to abandon a brewing legal fight with tech giant Apple, sources told ABC News today
FBI cracks *that* iPhone (Naked Security) Big news! The Superbowl of cryptographic lawsuits is over, abandoned shortly before the final period of play
Cellebrite confirmed as FBI’s third party in iPhone security case (Developing Telecoms) Israeli firm Cellebrite has been identified as the third party that provided assistance to the US government in bypassing Apple’s iPhone security
There is a winner in Apple’s court battle with the FBI (Globe and Mail) Did Apple win? Or the U.S. government? Neither did
How is Apple doing in its fight for #nobackdoors? (Naked Security) In the battle between Apple and the US government over security backdoors, it’s hard to say who is winning and who is losing, not least because the fight is far from over
Oracle seeks $9.3 billion for Google’s use of Java in Android (PCWorld) The figure appears in a report by Oracle's damages expert, which Google strongly contests
Wells Fargo settles with California for privacy law violations (Reuters via Business Insurance) A Wells Fargo & Co. unit will pay $8.5 million to California and five counties to settle charges that it violated customers' privacy due to not disclosing in a timely fashion that it was recording their calls, California's attorney general said on Tuesday
Banks ‘should not compensate’ victims of online fraud (We Live Security) UK Metropolitan police commissioner Sir Bernard Hogan-Howe has advised banks not to offer compensation to victims of online fraud, arguing that the increased risk will encourage people to better protect themselves against cybercrime
Creator of spoofed police Facebook page may be charged with felony (Naked Security) On 2 March 2016, some joker posted a Facebook page that spoofed a police department, replete with fake news posts and insults