In healthcare security, staff are taught above all else that life and limb come first. Given that, it makes sense that data and personal information are not always the top priority, and this drives what happens. A lot of activity that would be considered suspicious in any other industry is overlooked. We need to make a cultural shift from cyber-security as a compliance “check-box” to doctors treating the protection of their patients’ personal data as a priority, perhaps even placing the consequences of prison time or financial loss directly on the clinical staff responsible.
September 26, 2019
Get ready, Texas: Ford autonomous vehicles are coming to the streets of downtown Austin!
No, this is not something out of a science fiction film; we are indeed living in the future. In November, Ford will begin mapping the streets of downtown Austin, one of the three cities chosen to unveil and test its new line of autonomous vehicles, and will eventually extend its services throughout the entire city.
Modern aircraft systems are becoming increasingly reliant on networked communications systems to display information to the pilot as well as control various systems aboard aircraft. Small aircraft typically maintain the direct mechanical linkage between the flight controls and the flight surface. However, electronic controls for flaps, trim, engine controls, and autopilot systems are becoming more common. This is similar to how most modern automobiles no longer have a physical connection between the throttle and the actuator that causes the engine to accelerate.
Before digital systems became common within aircraft instrumentation, the gauges and flight instruments would rely on mechanical and simple electrical controls that were directly connected to the source of the data they were displaying to the pilot. For example, the altitude and airspeed indicators would be connected to devices that measure the speed of airflow through a tube as well as the pressure outside the aircraft. In addition, the attitude and directional indicators would be powered by a vacuum source that drove a mechanical gyroscope. The flight surfaces would be directly connected to the pilot’s control stick or yoke—on larger aircraft, this connection would be via a hydraulic interface. Some flight surfaces, such as flaps and trim tabs, would have simple electrical connections that would directly turn motors on and off.
Modern aircraft use a network of electronics to translate signals from the various sensors and place this data onto a network to be interpreted by the appropriate instruments and displayed to the pilot. Together, the physical network, called a “vehicle bus,” and a common communications method called Controller Area Network (CAN) create the “CAN bus,” which serves as the central nervous system of a vehicle using this method. In avionics, these systems provide the foundation of control systems and sensor systems and collect data such as altitude, airspeed, and engine parameters such as fuel level and oil pressure, then display them to the pilot.
After performing a thorough investigation on two commercially available avionics systems, Rapid7 demonstrated that it was possible for a malicious individual to send false data to these systems, given some level of physical access to a small aircraft’s wiring. Such an attacker could attach a device—or co-opt an existing attached device—to an avionics CAN bus in order to inject false measurements and communicate them to the pilot. These false measurements may include the following:
Incorrect engine telemetry readings
Incorrect compass and attitude data
Incorrect altitude, airspeed, and angle of attack (AoA) data
In some cases, unauthenticated commands could also be injected into the CAN bus to enable or disable autopilot or inject false measurements to manipulate the autopilot’s responses. A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, so this could result in an emergency landing or a catastrophic loss of control of an affected aircraft.
While the impact of such an attack could be dire, we want to emphasize that this attack requires physical access, something that is highly regulated and controlled in the aviation sector. While we believe that relying wholly on physical access controls is unwise, such controls do make it much more difficult for an attacker to access the CAN bus and take control of the avionics systems.
written by: A. Smith
July 25, 2019
If you have an Android device, this is a very real possibility. The idea is implemented using a method known formally as spearphishing. (No, unfortunately, it is not a term referring to the extreme pastime of underwater fishing.)
Spearphishing has a more sinister definition in the tech industry. If you are unfamiliar with the term or practice, I would highly recommend a quick online search to expand your tech vocabulary. A sixteen-page analysis of findings released on July 12, 2019, by a team of expert researchers from the University of Alabama and Rutgers University exposed a very real security threat. Through their research and testing, they developed a new three-pronged attack on the Android OS known as Spearphone (p. 2, L13).
The general take-away from reading this technically descriptive analysis boils down to this: the most mundane features on a phone, such as using voice commands for your search engine or using speakerphone during an important business conversation, may expose your personal and confidential data to a cybercriminal or someone with malicious intent. Always be aware of every possibility and have a deep understanding of the importance of cybersecurity to your personal life and business. The question is not if, but when, and whether you are a worthy target. Do you work for a company in which you retain sensitive work-related data on your phone?
Interesting parting thoughts to ponder.
For the full technical paper, click on the following link: Spearphone: A Speech Privacy Exploit via Accelerometer-Sensed Reverberations from Smartphone Loudspeakers
This article was written solely for educational purposes under the Fair Use Act.
A user's unique identifier, the UDCID, is leaked via a cookie, and it could lead to account compromise if this identifier is captured or otherwise known; in the case tested, the UDCID was found to be the institutional ID printed on ID cards. The UDCID could be used to exploit a race condition that would provide an attacker with unauthorized access. For a student, the attacker could drop them from their courses, reject financial aid, change their personal information, etc. For a professor, this could lead to an inability to manage their courses, allow a malicious student to enter false final grades, etc. For an administrator, an attacker could change users' information, place false holds on student accounts, etc.
Throughout 2018 and 2019, malicious cyber actors used desktop sharing software to facilitate a range of network intrusion activities, using both authorized and unauthorized installations to gain control of victim systems and access to otherwise inaccessible files. Desktop sharing software has multiple legitimate uses, enabling telework, tech support, and file transfers, but can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Specifically, cyber actors typically convince victims to voluntarily download and install the desktop sharing software, often through the guise of providing technical support or with the assistance of corrupt insiders. Cyber actors also use stolen credentials to access victim systems through existing desktop sharing software installations. This gives cyber actors complete control over an affected system, enabling them to perform a range of malicious activities.
“They contacted me to become a "shipping clerk" where I received packages to my address, inspected them, and rerouted them to their international customer. The compensation was said to be 2500/month before taxes. I was contacted by HR, had two supervisors I reported to, signed a DOCUSIGN document from HR confirming my employment. I had a phone interview with 3 "levels" from the business. I even got offered a "promotion" 3 weeks in because I was a promising new hire. My pay day came and went, and when I talked to HR about it they suddenly didn't know who I was…” —a military spouse from North Carolina
Cyber security is complicated. Cyber security tips are not. To be an expert, it takes years of training and experience to ensure that all aspects of what can go wrong are accounted for and understood. But for the Average Joe, that amount of time and commitment is an unrealistic expectation. That’s why these six sexy, simple cyber security tips should be studied seriously by anyone who uses the internet (that’s you!).
An organization's culture highlights the beliefs and behaviors of employees and management. Recently, new trends of creating a security culture have grown in importance; one in which all individuals are alert for cyber threats, follow company policies and procedures and report all security incidents.
Texas law allows anyone to buy voter registration records. Driver's license records can be purchased by a wide range of people and companies for uses including "the normal course of business."
After acknowledging June 28 that portions of its network were affected, Nuance, based in Burlington, Massachusetts, is still picking up the pieces. In addition to transcription, Nuance named about 10 other affected products, including those used for radiology, billing and software that tracks quality of care.
The cover, GUCCIFER2, is not a particularly good one. The GUCCIFER2 website has only a single entry, the one claiming responsibility for the DNC hack. There is no history of this entity existing before the operation began (the oldest Google result is the GUCCIFER2 website). In future I expect that services will develop “cover” entities for use in times of crisis, just as they prepare safe houses before they need them. Note to agencies: preparing and maintaining cover hacker identities should now be considered standard tradecraft, part of “putting the plumbing in place.”
Since Shamoon incidents feature the infiltration and escalation stages of targeted attacks, X-Force IRIS responders sought out the attackers’ entry point. Their findings pointed to what appears to be the initial point of compromise the attackers used: a document containing a malicious macro that, when approved to execute, enabled C2 communications to the attacker’s server and remote shell via PowerShell.
Online merchants are not supposed to store CVV2 codes, but hackers can steal the codes by placing malicious software on a company’s e-commerce site, so that the data is copied and recorded by the intruders before it is encrypted and transmitted to be processed.
FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office documents exploiting the vulnerability that download and execute malware payloads from different well-known malware families.
FireEye shared the details of the vulnerability with Microsoft and has been coordinating for several weeks public disclosure timed with the release of a patch by Microsoft to address the vulnerability. After recent public disclosure by another company, this blog serves to acknowledge FireEye’s awareness and coverage of these attacks.
FireEye email and network products detect the malicious documents as: Malware.Binary.Rtf.
The attack involves a threat actor emailing a Microsoft Word document with an embedded OLE2link object to a targeted user. When the user opens the document, winword.exe issues an HTTP request to a remote server to retrieve a malicious .hta file, which is disguised as an RTF file. The Microsoft HTA application then loads and executes the malicious script. In both observed documents, the malicious script terminated the winword.exe process, downloaded additional payload(s), and loaded a decoy document for the user to see. The original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link.
This vulnerability bypasses most mitigations; however, as noted above, FireEye email and network products detect the malicious documents. Microsoft Office users are advised to apply the patch as soon as it is available.
Credits: FLARE Team, FireEye Labs Team, FireEye iSIGHT Intelligence, and Microsoft Security Response Center (MSRC).