Contractor Arrested in Connection with Leaked NSA Report
(June 5, 2017)
An NSA report leaked to a US media outlet indicates that Russian intelligence agents hacked computers belonging to a voting systems manufacturer just weeks before the November 2016 presidential election. The stolen information is believed to have been used in a spear phishing campaign. A government contractor has been arrested in connection with the leak.
Editor's Note [Stephen Northcutt]
Here is the famous Intercept URL (Intercept is the organization the alleged leaker sent the data to):
Wired magazine reported, "Intercept reporters then shared the report, in some form, with intelligence officials at the Office of the Director of National Intelligence and the NSA prior to publication to discuss redacting any details that might be damaging to national security." If you absolutely must disclose Top Secret information please try to do so in a responsible manner. Note they welcome leaks and are open to topics other than Russian hacking:
https://theintercept.com: Leaked Documents Reveal Counterterrorism Tactics Used at Standing Rock to "Defeat Pipeline Insurgencies"
Regarding the Hill article focused on the voting machine manufacturer hack, from time to time experts raise concerns about electronic voting machines:
The timing of the release is interesting; ex-FBI Director James Comey is scheduled to testify on the topic of Russian interference in the 2016 election this coming Thursday:
US Supreme Court Will Hear Mobile Phone Location Data Case
(June 5, 2017)
The US Supreme Court will hear arguments in a case regarding the need for a warrant to use cell-site data to track a suspect's location. The case, Carpenter v. United States, No. 16-402, involves data held by a mobile phone company. The question is whether police are required to obtain a warrant to access mobile phone location histories. Police currently have access to the information without the need for a warrant through the third-party doctrine, which allows police to demand information from companies if the information is considered a normal business record.
Pandemic CIA Cybertool Infects Computers Through File Servers
(June 1, 2017)
WikiLeaks has published information about a purported CIA cybertool that can infect computers through file servers. Known as Pandemic, the tool can be used to turn Windows file servers into machines that distribute whatever malware the attacker wants to use. When a computer that the tool wants to infect tries to access a file on the server, the computer is served a malicious version of that file.
Healthcare Cyber Security Task Force Report
(June 5, 2017)
The US Department of Health and Human Services Health Care Industry Cybersecurity Task Force has released its first report to US legislators. The report underscores the point that digital vulnerabilities are threats not only to information but also to patients' safety. It calls for the government and private sector healthcare entities to work together on six imperatives that include defining leadership, governance, and expectations for healthcare cybersecurity; increasing the resilience and security of medical devices and IT; and identifying ways to protect research and development and intellectual property from theft.
Editor's Note [John Pescatore]
A solid set of recommendations but a lot of focus on new frameworks, regulations, etc. vs. overcoming obstacles that caused decades of talk about and spending on security and privacy around personal health information and medical equipment with very little actual progress. While the Critical Security Controls were not specifically cited, good to see basic security hygiene concepts sprinkled across the higher priority recommendations.
[William Hugh Murray]
Legislation is difficult; HIPAA is the example. Few laws were better intended; few have had such perverse effects. Health data duplication has increased, much of it still on paper. "Portability" is a joke, privacy and security breaches routine, use of IT sparse, expensive, ineffective and despised by the service providers. After twenty years we still wait patiently for any of its promises to be met. IT "modernization" may be necessary but it will be difficult under the law and far from a solution to all the problems.
VA Will Adopt Electronic Health Record System Used by Defense Department
(June 5, 2017)
The US Department of Veterans Affairs is moving from its legacy electronic health record (EHR) system to a commercial, off-the-shelf product that is also used by the Defense Department (DoD). The VA will drop its Veterans Information Systems and Technology Architecture (VistA) and switch to the MHS Genesis EHR system. The move means that military personnel's EHRs can move with them from DoD to VA once they retire from the military. The VA's system will have additional capabilities so it can interact smoothly with its healthcare partners around the country.
Editor's Note [Lee Neely]
The VA plan calls for participation from clinicians, read customization, and the 2018 budget calls for a $218M cut to IT spending, which, in combination, can cause a project like this to fail. Management of the scope and adequate budget are crucial for success and should be planned before they start. I worry the VA is not considering the migration effort nor the resources required to run in parallel until the cutover completes.
EternalBlue Now Being Used to Distribute More Malware
(June 5, 2017)
The EternalBlue exploit that was used in the WannaCry ransomware attacks is now being used to distribute the Nitol backdoor and Gh0stRAT malware. The exploit takes advantage of a flaw in the Windows Server Message Block (SMB) networking protocol.
Newest Version of Safari Will Block Autoplay by Default
(June 5, 2017)
At its Developers Conference this week, Apple said that the newest version of its Safari browser will automatically block autoplay. Another new feature, intelligent tracking prevention, will block websites from tracking users' browser data, which means users will no longer see searches conducted on one site appear as advertisements on another.
GAO Report: FDIC Needs to Improve Security Controls
(June 2, 2017)
According to a report from the US Government Accountability Office (GAO), the Federal Deposit Insurance Corporation (FDIC) needs to do more to improve its information security controls. The report also notes that while the FDIC has implemented "numerous information security controls intended to protect its key financial systems," there are still concerns regarding access controls and the isolation of its financial systems from the rest of its network.
US Department of Health and Human Services OIG Report
(June 2, 2017)
The US Department of Health and Human Services (HHS) Office of Inspector General (OIG) has submitted its semi-annual report to Congress. Among OIG's findings: HHS "faces challenges to protect the privacy and security of the data it collects and maintains."
ICO Data on Reported Breaches
(June 1, 2017)
According to data obtained from the UK's Information Commissioner's Office (ICO), 43 percent of breaches reported between January 2014 and December 2016 affected the healthcare sector. While healthcare had the highest percentage of reported breaches, other sectors are seeing greater increases in the number of breaches reported. Across all sectors, more breaches were caused by human error than by external cyber threats.