Hackers Hijack Google DoubleClick Ads*:
- Hackers have injected malware into Google's DoubleClick advertising service to serve consumers ads that contain cryptocurrency mining software.
- Security company Trend Micro detected an increase of nearly 285% in the number of Coinhive miners on January 24.
- Mining cryptocurrency through ads is a relatively new form of abuse that violates Google's policies, and in this case the ads were blocked in less than two hours.
- Data shows that affected countries include Japan, France, Taiwan, Italy, and Spain.
- Users reported that their antivirus software notified them that cryptocurrency mining had been detected as they watched YouTube videos.
- Analysis at Trend Micro found two different web-miner scripts embedded and a script that displays the advertisement from DoubleClick.
- The affected webpage shows the legitimate advertisement, while the two web miners covertly perform their task.
*Source: Media Post, January 27, 2018
This VPN Bug Has a 10 Out of 10 Severity Rating*:
- Cisco has warned customers using its Adaptive Security Appliance (ASA) software to patch a dangerous VPN bug.
- The vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
- A successful attack using multiple, specially crafted XML packets would allow an attacker to take "full control of the system."
- ASA devices are only exposed if the webvpn feature is enabled.
- The bug applies to FTD 6.2.2, which Cisco released in September and which was the first version to support remote access VPN.
- Cisco has provided instructions for admins to see which versions of ASA and FTD they’re running, and has also provided a table detailing versions affected by the vulnerability.
- The company notes that it is not aware of any attacks that have used the vulnerability, but that situation could change soon.
- The bug was reported by NCC Group security researcher Cedric Halbronn, who will explain how he exploited the flaw in Cisco's AnyConnect/WebVPN on ASA devices at an upcoming conference.
*Source: ZDNet, January 30, 2018
The Tools Hackers Use to Steal Your Office's Secrets*:
- Hackers have a dirty secret – it’s that much of their success at infiltrating a target’s social media account, PC, or company servers relies not on technical skill but on being really good at faking it.
- In a practice known as social engineering, hackers will often simply trick their targets into handing over their sensitive data.
- Sometimes it only takes asking a hapless customer service agent to turn over your private info, while other times it requires more heavy-duty equipment.
- Cybersecurity experts at Netragard brought out their hacker toolbox of social engineering gadgets to show how a skilled social engineer can walk through an organization’s office wearing an inconspicuous disguise and make off with loads of information.
- Using this nefarious gear, a hacker can vacuum up employees’ RFID card data from up to 10 feet away with a scanner, access restricted areas of the office using an NFC card emulator, and pop a fiber optic clip-on coupler directly onto a company’s internet line.
*Source: Gizmodo, January 30, 2018
Dev and Security Adjustments to Prepare for GDPR*:
- The increase in breach frequency is driving tremendous awareness and pressure in Washington, which likely means new, stricter regulations on data privacy.
- One such regulation companies are already prepping for is GDPR – the legal framework that sets guidelines for collecting, processing, and storing the personal information of individuals within the European Union.
- This will include the Privacy by Design obligation requiring businesses to factor in data privacy at the initial design stages of a project, as well as throughout its entire lifecycle.
- For DevOps, this means cutting corners on security or adding it in after the fact is no longer an option.
- More than five million records are stolen each day, and the associated cost of a breach is forecast to be $150m by 2020.
- Under GDPR, there are some serious sanctions and penalties for not being in compliance.
- Multiple or intentional infractions will result in a penalty of €10-20 million or 2-to-4% of global annual turnover from the prior year, whichever is greater.
- Automation and orchestration are two approaches that can help level the playing field and start increasing the cyber resiliency of organizations.
- The scope of what personal data is covered under GDPR includes the following: name, email address(es), address, identification number, social media posts, bank details, online identities, medical details, IP Address/ISP, and cookies.
- Essentially anything that can be used to determine one's identity is covered under GDPR, which creates a substantial challenge for IT leaders.
- Transparency with end users on how you will be storing and using their personal data is one of the core principles set forth by GDPR.
- Data security needs to be an integral part of the storage solution, and all data should be encrypted both in transit and at rest.
- The GDPR outlines the key titles and responsibilities for the data, which are:
  - Data Protection Officer – subject matter expert in data protection laws
  - Data Controller – any entity that collects data from EU residents
  - Data Processor – service provider that processes data on behalf of the data controller
- These three roles along with their respective teams need to work with development and security to lay out the strategy for data acquisition, processing, and storage, and then put repeatable processes in place to ensure proper compliance.
*Source: Information Week, January 25, 2018
'Jackpotting' Targets U.S. ATMs to Make Them Spit Out Cash*:
- Cyber criminals are hacking ATMs in the U.S. through “jackpotting” – an attack in which piles of cash spill out of the machines.
- This kind of hacking has now hit the U.S. after spreading worldwide in recent years, and the U.S. Secret Service has warned financial companies about it.
- ATM manufacturers Diebold Nixdorf and NCR Corp. have said that these attacks have occurred in the U.S. but did not detail whom they have targeted and how much money was deposited.
- The ATMs targeted by the hacking include ones located in “pharmacies, big box retailers, and drive-thru ATMs.”
- During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATM’s operating system along with a mobile device to the targeted ATM.
*Source: Fortune, January 28, 2018
Retirement Community Reports Potential PHI Data Breach for 5.2K*:
- Maryland-based Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc. (Ingleside) experienced a possible PHI data breach when it was targeted by a malware attack.
- Ingleside discovered the malware attack in November 2017, and immediately launched a software program to try to find and remove the malware from the organization’s system.
- There is no evidence that any data was misused, but Ingleside added that it could not rule out the chance that certain information may have been compromised.
- The OCR data breach reporting tool states that 5,228 residents may have been affected.
- Potentially impacted data includes resident names, addresses, dates of birth, Social Security numbers, and PHI; financial transactions, including payment information, were not included in the affected information.
- The retirement community added that it will be offering free credit monitoring and identity theft restoration services for potentially impacted individuals.
*Source: Health IT Security, February 01, 2018