Top News


As the pace of technological change in cloud data centers speeds up, the list of endeavors in cloud data centers grows longer. A sampling of that list includes Internet of Things, innovation, big data, mobile and social access, and SDN/NFV.

The Independent AV-Test Institute has analyzed 16 Linux security solutions against Windows and Linux threats under Ubuntu. The results are disconcerting.

Experts at Palo Alto Networks discovered a strain of Apple iOS malware dubbed YiSpecter that is able to infect both jailbroken and non-jailbroken devices.

Security experts at Cisco Talos have discovered a new strain of the Fareit info stealer that uses a different file hash for each attack to avoid AV detection.

For hackers looking for fraud victims, few targets are as tempting as the data brokers that make a business out of assembling millions of people's private information. That's a lesson T-Mobile is learning now that its partnership with one such data collector, Experian, has resulted in the theft of 15 million T-Mobile customers' private details.

Half a decade into the cloud-first initiative, adoption in the federal government continues to be way behind schedule mostly due to security concerns. Vendors argue that those concerns are exaggerated.

Companies in the healthcare sector are three times more likely to encounter data theft than the average firm, according to a report released this morning.

Cyber attacks against healthcare systems are likely to increase; students have investigated the feasibility of breaching a medical training mannequin.

Security experts are warning the medical industry about the hacking of medical equipment implanted in the human body, such as pacemakers and insulin pumps.

Eighty-one percent of healthcare executives say their organizations have been compromised by at least one malware infection, botnet or other kind of cyberattack during the past two years, according to a survey by KPMG.

The KPMG report also states that only half of those executives feel that they are adequately prepared to prevent future attacks. The attacks place sensitive patient data at risk of exposure, KPMG said.

The 2015 KPMG Healthcare Cybersecurity Survey polled 223 CIOs, CTOs, chief security officers and chief compliance officers at healthcare providers and health plans.


Sixty-six percent of the IT executives at healthcare plans who were surveyed said they were prepared to fend off attacks. Based on revenue, larger organizations are better prepared than smaller ones, KPMG said.

Compared with past KPMG polls, the one released Wednesday showed that the number of attacks on healthcare IT systems has increased, with 13% of respondents saying they are targeted by external hack attempts about once a day and another 12% seeing about two or more attacks per week.

"More concerning, 16% of healthcare organizations said they cannot detect in real-time if their systems are compromised," the report said.

Malware, which is designed to disrupt or gain access to private computer systems, was the most frequently reported line of attack during the past 12 to 24 months, according to 65% of survey respondents. Botnet attacks, where computers are hijacked to issue spam or attack other systems, and "internal" attack vectors, such as employees compromising security, were cited by 26% of respondents.

The areas with the greatest vulnerabilities within an organization include external attackers (65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (27%).

The KPMG survey found that spending to prevent cyberattacks has increased at most institutions, but it has to be on the right initiatives and fit the organization's strategy, said KPMG's Gregg Bell. "There are no cookie-cutter approaches to security. An organization with a mobile workforce may have a far different technology need from an organization that processes healthcare claims, for example."

"The vulnerability of patient data at the nation's health plans and approximately 5,000 hospitals is on the rise and health care executives are struggling to safeguard patient records," Michael Ebert, who runs KPMG's Healthcare & Life Sciences Cyber Practice, said in a statement. "Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed."

KPMG listed five main reasons healthcare organizations are facing increased security threats:
The adoption of digital patient records and the automation of clinical systems.
The use of antiquated electronic medical records (EMRs) and clinical applications that are not designed to securely operate in today's networked environment -- and software vendors who push that problem to the provider.
The ease of distributing electronic personal health information both internally (via laptops, mobile devices, thumb drives) and externally (third party firms and cloud services).
The heterogeneous nature of networked systems and applications (i.e. network-enabled respirator pumps on the same network as registration systems that can browse the Internet).
The evolving threat landscape, where cyberattacks today are more sophisticated and well-funded, given the increased value of the compromised data on the black market.

Healthcare organizations not experiencing an increase in cyber attacks are also more likely to underestimate the threat, according to Bell, who leads KPMG's Cyber Practice.

"The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect," Bell said.

TrapX, a security firm that delivers deception-based cybersecurity defenses, has uncovered an attack pattern in the medical field dubbed medical device hijack, or simply MEDJACK. It allows attackers to compromise core healthcare systems by first breaking into unpatched and outdated medical devices.

Whether the Anthem hack or CareFirst BlueCross BlueShield, this year has already seen a considerable number of breaches at healthcare organizations. While various attack vectors and causes have been cited by these providers, it has never been prominently reported that medical devices could be the true cause of the breaches that have taken place, and of those that will be discovered sooner or later.

TrapX found that most medical organizations are vulnerable to MEDJACK, if not already victims of it. The core networks of healthcare systems are initially compromised when attackers break into unpatched and outdated devices, such as a blood gas analyzer or an X-ray scanner. The company wrote that the attackers build their backdoors into systems via such Internet-connected devices.

Carl Wright, General Manager at TrapX, wrote in an email to SC Magazine:

"Our scientists have observed that you could manufacture an attack, designed specifically for several models of a specific medical device, and then launch that attack. That, combined with the difficulty in diagnosis and remediation, and the very high value of healthcare data, creates a near perfect target for organized crime."

In various case studies, TrapX found that most hospitals take good care of their IT departments with solid firewalls and other security solutions, while, by contrast, such devices are left unpatched most of the time.

Typically, because the machines run continuously for many days, they are never disconnected, and the security team is unable to fully review the operating system console of the devices.

"Every malware infection that connects a network to an outside attack, in the United States, is a serious event and most likely would be categorized by that healthcare institution as a security event under their HIPAA operating procedures," Wright said. "Given that patient data is at risk, the medical device manufacturer needs to indicate exactly how they will respond to mitigate the situation so that a data breach can be contained or stopped, and normal hospital operations can resume."
All organizations that become aware of the MEDJACK threat should devise a better security strategy, Wright suggests. Moreover, professionals must ask device vendors how the devices are supported and invite them to help mitigate these attacks. The life cycle of each device should also be determined, and vendors should confirm whether or not they use digitally signed software.

The software needs to be digitally signed, and knowing the life cycle will help considerably, since organizations will have a clear picture of when they should replace old devices with new ones.

The authors of the Stegoloader malware are exploiting digital steganography to target companies worldwide, mainly US Healthcare companies.
A couple of weeks ago, security researchers at Dell SecureWorks discovered a new strain of malware dubbed Stegoloader that uses steganography as an evasion technique. Once the victim's machine is infected, a dedicated loader module downloads, from a legitimate website, a PNG file that contains the malicious code.

Stegoloader, which has been active since 2012, was used to compromise the systems of companies operating in various industries, including healthcare, education, and manufacturing.

"Looking at recent victims of the Stegoloader malware, we observed that the majority of the infected machines counted for the last three months came from the United States (66.82%), followed by Chile (9.10%), Malaysia (3.32%), Norway (2.09%), and France (1.71%)," states a report from Trend Micro.


The experts speculate that Stegoloader could be a powerful weapon in the arsenal of hackers that are targeting healthcare organizations with the intent to compromise medical records.

"The reemergence of TROJ_GATAK and its apparent focus on certain regions and industries show that cybercriminals continually experiment with the creative uses of steganography for spreading threats," continues the post.

The experts discovered several strains of Stegoloader over time; the malware has evolved across the months, but the routines from variants of past years remain the same.

The experts highlighted that victims were mainly infected by downloading key generators, or keygens, from third-party sites, rather than through phishing attacks or malicious exploit kits.

Once downloaded, it poses as a legitimate file related to Skype or Google Talk and downloads the image containing its routines.

The Stegoloader malware implements various evasion techniques to avoid investigation by law enforcement and security firms; for example, it checks that its code is not running in an analysis environment.

Health care providers are increasingly using smartphones and tablets for tasks such as accessing and transferring medical records, and submitting prescriptions, but these devices may not be secure enough to protect sensitive medical information from hackers.

That's the conclusion of the U.S. National Institute of Standards and Technology, whose cybersecurity center released a draft guide Thursday to help health IT professionals shore up the mobile devices.

"Mobile devices are being used by many providers for health care delivery before they have implemented safeguards for privacy and security," the agency said.

The guide provided thorough explanations on how to implement security procedures across a health care organization's entire IT system. For example, there are sections that describe how to connect Apple and Android mobile devices to a commercial mobile device management cloud platform. Step-by-step directions are provided on setting up a Linux-based firewall as well as on creating mobile device certificates, among other security technologies. The guide doesn't endorse a specific product and mentions open-source and proprietary technologies. The center used products that are readily available and can easily be integrated with an organization's existing IT infrastructure.

Another section of the guide looked at what security risks posed the greatest threat to keeping patient data confidential. Hackers gaining access to an IT system by exploiting weak passwords ranked as one of the top issues, followed by network sniffing and, perhaps unsurprisingly, stolen mobile devices.

The cybersecurity center also subjected a mock IT system to various security attacks and offered advice on how a health care organization could react to them. In one scenario, a mobile device that could access an EHR (electronic health records) system was lost. To mitigate the threat, the device was blocked from tapping into the hospital network and its data erased via a remote wipe.

Other scenarios showed how implementing access control for different systems could prevent hackers from getting to patient information even after they infiltrated a hospital network. In one example, a phishing attack was used to obtain system passwords and remotely log in to a desktop. In the second case, an unauthorized person, like a hacker or a rogue employee, obtained the password to an EHR system.

In both incidents, the credentials allowed intruders to see a network diagram. However, accessing the systems where sensitive data was stored wasn't possible since that action required administrator passwords and the attackers lacked those credentials.

Encryption was cited as a way to protect data even if an attacker gains physical access to a data center and taps into the network traffic.

The guide pointed out that implementing security must be balanced with making sure health care workers can easily use the technology to perform their duties. In emergency situations, workaround access controls may be introduced so that staff have immediate access to data.

SSO will bring several benefits, but our manager has to be prepared to address any security lapses that could accompany it.

Why wasn't the security breach prevented? That seems to be the question asked of every security breach that makes the headlines. While some cheer the focus and attention, others cringe at the assertion. The response is natural.

Although Advanced Persistent Threats and Targeted Attacks are often confused, at their core they are two different things in the field of online security. Most businesses need only worry about one of these two types of attacks, focusing their efforts on remaining thoroughly protected against both enemies and threats.

Extroverts and introverts - does it matter?

The concepts of introversion and extroversion are often confused as a measure of connection. People consider extroverts outgoing and introverts as reserved.

This is a limiting view.

Instead, ask "Where do I get my energy?"

A CISO who just started a new job at one of the top 10 cable companies in the US recently lamented that he does not have a cybersecurity budget to purchase tools from FireEye, Palo Alto Networks, and Cylance, as his peer CISOs do.

Computer incidents today are a far cry from those of the past. Computer incidents involving data breaches today can take down businesses and leadership, in much the same way or greater than an earthquake or fire can destroy a company through a physical business outage. Data breaches such as that at Target have shown that having the ability to recognize an incident quickly and escalate up to appropriate leadership is a critical business competency.

Security experts at Trend Micro have uncovered a spam campaign spreading a bogus PayPal app to steal German users' banking credentials.

A spam campaign is targeting German Android users: the malicious emails impersonate PayPal, trying to trick the recipient into downloading a bogus PayPal app update that hides a banking Trojan.

The researchers at Security Intelligence announced that Shifu banking trojan is officially spreading to the UK targeting Banks and Wealth Management Firms.

A few weeks ago, researchers at Security Intelligence announced the discovery of the sophisticated banking Trojan Shifu; the malicious code has been used to target the customers of more than a dozen Japanese banks.

Security researchers have discovered a new malware program that infects automated teller machines (ATMs) and allows attackers to extract cash on command.

Three times as many credit cards will be chip-enabled by the end of the year as debit cards, making the slower banks bigger targets for cybercriminals.

According to the malware researchers at FireEye Labs, Suceful is the first multi-vendor ATM malware threatening the banking industry. Experts at FireEye have discovered a new strain of malware dubbed Suceful (Backdoor.ATM.Suceful) specifically designed to target ATMs. Malware designed to hack ATMs is not new; in the past, security experts have already detected malicious code used to make ATMs dispense cash, such as Ploutus or Tyupkin.

For someone working in the security field, it is well known that many companies have red teams that attack their own systems, but this is never publicly acknowledged by the company.

Barclays did exactly the opposite and confirmed that it has created a red team to attack the company systems in order to assess their resilience to cyber attacks.


Tools & Methodologies


At the Virus Bulletin 2015 conference, the security researcher Oleg Petrovsky detailed methods that can be used to hack drones with pre-programmed routes.

Zerodium is an exploit broker, and it is offering a million-dollar prize to anyone who finds unknown, unpatched bugs in iOS 9 that can be used to jailbreak iThings.