• Blue Cross and Blue Shield of Rhode Island and Independence Blue Cross report breaches
    Blue Cross and Blue Shield of Rhode Island (BCBSRI) is blaming a vendor for a breach that compromised the personal health information of 1,567 people, and Philadelphia-based insurer Independence Blue Cross was breached in a separate incident. The unnamed vendor reportedly sent the member benefits explanations, also known as health-care services summaries, to the wrong BCBSRI member in the same household or on the same family policy, according to the Providence Journal. The mistake stemmed from Blue Cross’ use of a vendor “to combine healthcare service summaries for some members who were covered on the same policy in an effort to reduce the number of summaries members received. In mid-July, BCBSRI learned that in some instances, the summaries were being combined incorrectly by the vendor, resulting in summaries being sent to the wrong family member or other person covered on their family policy,” the report said. The firm emphasized that no information was disclosed to anyone other than a family member or a person covered on the same family policy.
  • A vigilante botnet is taking out crypto-jacking malware
    A new botnet is on the rise, but it isn't being used to take down websites or hack servers; it's going after crypto-jacking malware. When it discovers the malware on a website, it takes it over before destroying them both. Known as Fbot, the botnet scans websites for a specific piece of mining malware and when it finds it, the botnet takes over the nefarious software and then destroys itself, taking the malware with it. Typically, the malware is installed via a malicious download or infected website and forces the system it’s attached to to mine cryptocurrency. As of now, the creators of Fbot remain as unknown as the developers of the crypto-jacking malware it targets, but their efforts appear admirable. The researchers who discovered the botnet, Qihoo 360 Netlab, claim that there appear to be links between this botnet and the Satori botnet, which has in the past been used to infect mining hardware.
  • RDP Ports Prove Hot Commodities on the Dark Web
    Most of the time, RDP is used for legitimate remote administration: when companies outsource IT, or remote admins have to access a colleague's machine, they most commonly use RDP to connect to it. There are many actions a threat actor can take with RDP access (credential harvesting, account takeover, cryptocurrency mining among them) and it's easier for them to launch these threats if they have access to an RDP port. Still, many threat actors of all skill levels buy RDP access on the Dark Web, where the ports are hot commodities, as are tools to delete attackers' activity once their work is done. Once they have RDP credentials, an attacker can use their access to launch several attacks. Less skilled attackers are more likely to purchase bulk RDP access on the Dark Web, Wisniewski adds, because they lack expertise to find open ports. Breaching networks and servers via RDP ports remains of great interest to cybercriminals, according to Flashpoint, and there is a clear trend toward automating the process of detecting exposed RDP targets and brute-forcing access.
  • EPAM Systems Partners Positive on Cybersecurity Research Lab
    EPAM Systems, Inc. (EPAM) recently announced that it has joined forces with cybersecurity consulting and research firm Positive on a Cybersecurity R&D Lab dedicated to research in security solutions and services. With enterprises realizing the need for stricter security measures, EPAM and Positive’s combined research infrastructure is expected to aptly serve the purpose. Companies are expected to further increase spending on cyber security, including intensive research, which is necessary to come up with sounder and stricter measures to combat security breaches, and EPAM seems to cash in on this opportunity. EPAM currently has a Zacks Rank #3 (Hold).
  • Expandable ads can be entry points for site hacks
    The researcher says he identified several vulnerabilities in iframe busters, the name given to files that websites host on their server to support "expanded ads." Advertising companies provide these iframe busters to site owners who want to show ads from the ad network's portfolio. Westergren says that many of these iframe buster scripts are vulnerable to cross-site scripting (XSS) vulnerabilities that allow an attacker to take advantage of the iframe buster file hosted on a site's server to run malicious JavaScript code on that site. The researcher says he identified XSS vulnerabilities in most of the iframe buster scripts that, until recently, Google has been providing for download as part of a multi-vendor iFrame Buster kit, offered through the DoubleClick AdExchange documentation site. Westergren detailed four examples on his blog, showing how an attacker could run malicious code on any site that uses iframe busters from ad networks like Adform, Eyeblaster (Add in Eye), Adtech, and Jivox.
  • INTERPOL-Europol conference calls for global response to cybercrime
    With cybercriminals using increasingly sophisticated methods and technologies to carry out their illicit activities, the 6th INTERPOL-Europol Cybercrime Conference will focus on the most pressing cyberthreats today and in the future, from attacks against the financial and government sectors and the rise of ‘cybercrime as a service’ to denial of service attacks and business e-mail compromise scams. Under the theme of ‘Globalized efforts to tackle cybercrime’, the three-day (18 – 20 September) conference will look at ways in which stakeholders from all sectors can combine their expertise to make the internet a more secure environment. Key areas of discussion will include developing actionable cyberthreat intelligence, identifying cybercriminals through their online behaviour, defining the role of digital forensics, implementing national and regional legislations to tackle cybercrime, and crisis response planning.
  • Why the 'fixed' Windows EternalBlue exploit won't die
    The Microsoft Windows EternalBlue exploit was released to the public in 2017 as part of a leaked cache of surveillance tools owned by the US National Security Agency (NSA)'s Equation Group hacking team. Among the exploit cache were exploits and zero-day vulnerabilities which allowed the NSA to compromise Windows and Linux systems, network equipment, firewalls, and more. Security researchers and affected vendors immediately set to work patching the leaked vulnerabilities, and whilst EternalBlue is a security flaw which was resolved, outdated and unpatched systems still permit the exploit to flourish in the hands of threat actors. The EternalBlue vulnerability, CVE-2017-0144, targets the Microsoft Windows Server Message Block (SMB) protocol and allows attackers to execute arbitrary code. Avira says that the exploit is finding its way to cracked and pirate versions of Microsoft Windows which are operating on the old SMB1 protocol, which is vulnerable to EternalBlue. According to recent research from Cybereason, a new outbreak of Wannamine, based on EternalBlue, has shown that the attack is still highly active a year after disclosure.
  • Cybersecurity in digital era requires technological innovation: experts
    Source: Xinhua | 2018-09-18 16:32:20 | Editor: ZX. CHENGDU, Sept. 18 (Xinhua) -- Maintaining cybersecurity in the era of the digital economy requires more technological innovation, according to experts at a summit on cybersecurity technologies in southwest China's city of Chengdu. "We should proactively stay immune and resort to trusted computing, using codes as the genes to timely identify the elements in the network," he said. "It's like raising the immunity of the network information system, which is our only way out." According to Zheng Junfang, chief risk officer of China's online retail giant Alibaba, new approaches and technologies should be applied to "defend by attacking," as Alibaba is exploring cutting-edge security technologies such as algorithmic defense and artificial intelligence. "Only by innovating our thinking methods and patterns can we accomplish the leaping innovation of cybersecurity technologies," she said.
  • Proofpoint: One month out from deadline, half of agency domains are DMARC compliant
    With a month left on a deadline for federal government domains to implement a key email security policy, cybersecurity company Proofpoint says agencies have made significant progress, but is doubtful that each one will actually make it in time. The Department of Homeland Security issued a binding operational directive (BOD) last year ordering all agencies to have the highest level of DMARC (Domain-based Message Authentication, Reporting and Conformance) within a year. In a report published Monday, Proofpoint notes 51.9 percent of agency domains are compliant at this point. While more than half of the total number of agency domains are in the green, Proofpoint says 25 percent of the 133 agencies subject to the directive are fully compliant with all of their domains. According to Proofpoint, 26 percent of agencies have not yet begun deploying DMARC. Apart from the yearlong project of having DMARC at the highest level, the directive asked agencies to at least implement DMARC on some level within 90 days.
  • FBI Warns Parents of Edtech Security Risk
    Edtech platforms are an increasingly popular way to improve student collaboration and personalize learning experiences, but they also harvest highly sensitive data on students, according to the Feds. “In late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States. They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information,” noted the FBI alert. “The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets.” Edtech companies themselves can also be targeted: one vendor last year was found to have exposed internal data on a publicly accessible server, while another was breached, with student data ending up for sale on the dark web, according to the FBI.