Cybersecurity News Bytes for the Week Ending 5 Jan 2018
Microprocessor Vulnerabilities Discovered; Major Impacts Worldwide
According to a 3 January report in Wired magazine and multiple media sources, security researchers have discovered a long-standing vulnerability in microprocessor chips which causes memory leaks outside running processes. That vulnerability in turn allows access to other items in core memory (e.g. passwords) leading to a potential compromise of system security. The vulnerability has existed for at least a decade, and resulted from the microprocessor industry’s efforts to increase processor speed. The vulnerability affects any computer, mobile device, server, or cloud architecture containing microprocessor chips from Intel, AMD and Arm Holdings, whose chips are found in most mobile phones. The hardware flaws are dubbed Meltdown and Spectre. Meltdown seems to be limited to Intel chips and allows access to the operating system’s core memory. This flaw can potentially be fixed with a software patch. Spectre, in contrast, can access running programs without a call to the operating system. This flaw will be harder to fix and may require equipment to be replaced. Nevertheless, Microsoft, Google, Apple, and Amazon have all applied patches to address the new vulnerabilities. SANS Institute has issued a helpful list of security guidance links. Wired, 3 Jan 2018; SANS ; and multiple media sources 3-5 Jan 2018.
Iran Blocks Social Media to Stifle Protests
The Iranian leadership has responded to recent nationwide protests by blocking access to the Internet on mobile networks. Starting on 30 December, the blocks have been primarily targeted at social media and messaging apps. Desktop connectivity and apps do not appear to be affected. Blocking mobile networks is a popular tool used by authoritarian governments whenever large public protests occur. The government of the Democratic Republic of Congo recently blocked mobile services ahead of anticipated protests, and similar efforts have been reported in Kashmir and Gabon. Motherboard
Ukrainian Security Service Foils Russian Cyber Attacks
Ukrainian press on 30 December described a recent report by the SBU (Ukrainian Security Service) concerning the large number of cyber attacks against Ukrainian government entities stopped by the SBU over the past year. The attacks, attributed to Russia, included phishing attacks, social engineering, and ransomware. Unian Information Agency
Security Researcher Demonstrates Espionage Capabilities in Antivirus Software
Cybersecurity researcher Patrick Wardle of Digita Security demonstrated how Kaspersky antivirus software can be tweaked to scan for and flag sensitive documents. Wardle’s approach takes advantage of a vulnerability in Microsoft Windows to manipulate Kaspersky’s AV software by adding a rule that scans documents for words or phrases associated with classified documents. He demonstrated the capability by inserting the classification caveat “TS/SCI” into a text of Winnie the Pooh. The tweaked AV software identified and quarantined the document as soon as Wardle saved it to his hard drive. New York Times, 1 Jan 2018
Cybersecurity May be Getting Better
A thought-provoking article in Infosecurity Magazine discusses trends in cyber threats over the past 20+ years and states that, despite the still-serious threats in cyberspace, enterprise security has actually improved. Cybersecurity professionals over the years have employed Security Operations Centers, improved business plans, and improved technology to deal with threats to operating systems, web browsers, and software plugins. The industry for the most part is now focused on the “smash and grab” tactics seen in ransomware attacks over the past couple of years. Author Gary Golomb of Awake Security points out that focusing on the positive trends in security as opposed to sensationalizing the latest data breach leads to a better understanding of where cybersecurity is today and what the trend lines tell us about the future. Infosecurity Magazine, 3 Jan 2018
NIST Looking for Industry Partners to Improve IoT Security
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) is inviting industry to demonstrate products and expertise for the “Mitigating IoT-based DDOS Building Block,” an initiative to improve security of the Internet of Things. Interested companies are invited to submit letters of interest and potentially enter into a consortium Cooperative Research and Development Agreement (CRADA) for the Mitigating IoT-based DDOS Building Block. Collaborative activities will begin as soon as enough letters of interest have been submitted. NCCoE is in Rockville, Maryland. Federal News Radio, 1 Jan 2018 and Federal Register
Georgia Breaks Ground on Addition to New Cybersecurity Center
On 3 January, the Governor of Georgia broke ground for a $35 million expansion to the new $60 million cybersecurity campus in Augusta which itself is still under construction. The campus is on the Savannah River and includes the Cyber Innovation and Training Center and an incubator hub. Classroom space, a cyber range, and an area designated for classified work are also in the works. Governor Nathan Deal said to expect additional expansion of the center as Georgia “has seized the opportunity to do something about cybersecurity.” The new facilities are expected to open in 2019. Atlanta Journal-Constitution, 3 Jan 2018
DHS Data Breach Affects almost 250,000 Employees and Non-Employees
A DHS Inspector General (IG) report issued on 3 January described a 2014 breach of the department’s investigative case management system. The breach was not the result of a cyber attack, but was found in the possession of a former DHS IG employee. The data contained non-specified personal information on over 247,000 employees and an unstated number of non-employees who were either interviewed by the IG or were the subjects of IG investigations. DHS is offering free credit monitoring services to those affected by the breach. NextGov, 3 Jan 2018
Visit our HOME PAGE
