Pages

Monday, October 14, 2019

Medical Data Breach Puts Details of a Million New Zealanders at Risk



David Eastman, the man jailed for almost 20 years for killing one of Australia's top police officers, has been awarded more than $7 million in compensation after he was found not guilty of the crime.

Key points:

  • David Eastman is awarded $7.02 million after spending nearly two decades in jail for a murder he was found not to have committed
  • The ACT Government had offered Mr Eastman an "act of grace" payment of more than $3 million, but he refused because it required that he waive his right to further compensation
  • The 74-year-old previously told court of the despair and fear he felt in jail, and the assaults he had suffered

David Eastman awarded more than $7 million for wrongful murder conviction, almost 20 years in jail



David Eastman rejected $3.8 million 'act of grace' payout from ...

SBS
In a redacted statement made to the court, Mr Eastman publicly detailed for the first time the abuse and beatings he faced while in prison.
 

John Hatton: the case that almost broke me | South Coast ...


Police Mafia link: John Hatton recalls ordeal of Winchester ...

The Hill
October 10, 2019
A bipartisan group of senators is calling for all branches of government to share information on threats to technology supply chains, citing potential risks to national security. In a Wednesday letter to Office of Management and Budget Director Mick Mulvaney, top members of the Senate Homeland Security Committee called for the Federal Acquisition Security Council (FASC) to come up with a plan of action. The intelligence community (IC) shares information on threats to the information technology supply chain with civilian agencies through the FASC. Senators want that threat information made available to other branches of government. “Both Congress and the Executive branch have devoted considerable time identifying ways to enhance the supply chain security of information and communications technology (ICT) on U.S. government systems,” the senators wrote. “The work is vitally important, but executive agency solutions do not always mean whole of government solutions.” The senators emphasized that “the government must ensure that information used to secure executive agency computer systems and networks is shared with ICT professionals in Congress and the judiciary.”

TechCrunch
October 9, 2019
Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure Security Agency (CISA), founded just less than a year ago, wants the new administrative subpoena powers to lawfully obtain the contact information of the owners of vulnerable devices or systems from internet providers. CISA, which warns both government and private-sector businesses of security vulnerabilities, privately complained of being unable to warn businesses about security threats because it can’t always identify who owns a vulnerable system. The new proposal would allow CISA to use its new powers to directly warn businesses of threats to critical devices, such as industrial control systems — typically used in critical infrastructure. These systems are highly sensitive and are increasingly the target of hackers to disrupt real-world infrastructure, like the power grid and water supply. By law, internet providers are not allowed to share their subscriber data without first receiving a legal demand, such as a subpoena, that can be issued from a federal agency without requiring the approval of a court.

The Hill
October 8, 2019
Five Republican senators sent a letter to Microsoft on Tuesday stressing that Chinese telecommunications giant Huawei poses a “real and urgent” threat after an executive at the American tech giant complained the U.S. hasn't been open about why Huawei was blacklisted. The letter from GOP Sens. Tom Cotton (Ark.), Marco Rubio (Fla.), Rick Scott (Fla.), Josh Hawley (Mo.) and Mike Braun (Ind.) to Microsoft President and Chief Legal Officer Brad Smith details several allegations of “espionage activities” and “technology theft and economic warfare." President Trump in May directed the Commerce Department to place Huawei on its "Entity List." U.S. companies are forbidden from doing business with firms on the list, but the government has granted Huawei multiple "general temporary licenses" since. The U.S. has long considered Huawei a national security threat because of its deep connections to the Chinese government. Smith last month in an interview with Bloomberg Businessweek said that Microsoft has asked U.S. regulators to explain the decision to blacklist Huawei multiple times. “Oftentimes, what we get in response is, ‘Well, if you knew what we knew, you would agree with us,’” Smith said. “And our answer is, ‘Great, show us what you know so we can decide for ourselves. That’s the way this country works.’” In their letter Monday, the senators said that publicly available information is enough to prove Huawei should be reprimanded.


ADMINISTRATION

Nextgov
October 11, 2019
The Cybersecurity and Infrastructure Security Agency’s cyber threat analysis chief shared fresh details this week around an ongoing campaign of cyberattacks linked to the Chinese government, specifically targeting managed service providers. “The core issue with the compromise of managed service providers is that it really gives the attacker a force-multiplier effect,” CISA’s Rex Booth said at a summit hosted by FCW Thursday. Earlier this year, Homeland Security conducted a series of webinars to educate the American public about the rising attacks that take advantage of companies’ possible internal vulnerabilities. Since 2006, the Homeland Security Department has tracked a threat group, commonly known in the security industry as APT10, which Booth noted is sponsored by the Ministry of State Security in China. Between 2014 to 2018, the agency noticed a strategic shift in the threat group's tactics: The hackers began specifically targeting America’s managed services providers, or MSPs. Those providers remotely manage customers’ information technology infrastructure or other tech-based systems.

CyberScoop
October 11, 2019
The National Security Agency’s new Cybersecurity Directorate, charged with helping protect the defense industrial base and sensitive government computers by providing insights on foreign hackers, is now at initial operating capability, senior NSA officials informed reporters at a rare briefing Thursday at Fort Meade. Just this week the fledgling directorate took one of its first public actions, issuing an unclassified alert about nation-state hacking groups actively exploiting vulnerabilities on virtual private networks. Beyond the usual job of such alerts — identifying the bugs and recommending mitigations — the directorate made a point to provide ways for organizations to check whether they have been victimized, something the directorate intends to continue in unclassified ways moving forward. “We need to be sure that people who own networks that are vital to the national security systems and defense systems of this nation can figure out if adversaries have gained access into their networks,” NSA spokesperson Natalie Pittore said. “It’s about preventing but also kicking out the adversary.”

Nextgov
October 10, 2019
The Army kicked off its second bug bounty competition yesterday, according to a press release, offering hundreds of thousands of dollars to white-hat hackers able to find vulnerabilities in the service’s public-facing systems. For the service’s second “Hack the Army,” a mix of federal civilians, active U.S. military and certain invited individuals will scour more than 60 publicly accessible web assets for vulnerabilities until Nov. 8. The top three U.S.-based hackers will be invited to participate in a team competition and awards ceremony at the end of the competition.  “Opening up the Army’s cyber terrain to the hacker community is exactly the type of outside-the-box, partnership approach we need to take to rapidly harden and better defend our most foundational weapons system: the Army network,” Lt. Gen. Stephen Fogarty, Army Cyber Command’s commanding general, said in a statement.

Gov Info Security
October 10, 2019
The personal data of Mississippi citizens is susceptible to breaches because many state agencies, universities and other organizations are failing to comply with all the mandates of the state's cybersecurity law, according to a report issued by the Office of the State Auditor. The audit found that many agencies were not in full compliance with the Mississippi Enterprise Security Program. The state law passed in 2017, which codified the guidelines in the state's security program, requires the implementation and maintenance of security policies and standards by any organization or agency that relies on Mississippi's state IT network. The recently release auditor's report notes that of the 125 organizations asked to participate in a survey, 54 did not respond to requests for information. Of the 71 state agencies and organizations that did respond, over half were less than 75 percent compliant with the enterprise security program. "The results of the survey show that Mississippians' personal data may be at risk," the report states. "Many state agencies are operating as if they are not required to comply with cybersecurity laws, and many refused to respond to auditors' questions about their compliance."

FCW
October 9, 2019
While much of the discussion around supply chain security has focused on the parts, components and gear that make up an organization's physical IT assets, a growing number of experts are making the case that vulnerabilities in the software supply chain may represent the larger cybersecurity threat over the long haul. A 2018 survey of 1,300 IT security professionals by cybersecurity firm CrowdStrike found that nearly 80% of respondents said their organizations needed to devote more resources to their software supply chain, and 62% said the issue was being overlooked during IT spending decisions. That lack of attention may be creating easy pathways for malicious hackers. According to Cheri Caddy, director of public private partnerships at the National Security Agency, rudimentary, easily exploitable software vulnerabilities are still the most common ways bad actors get into systems and networks. "I think part of the challenge in this space is not only do you have to anticipate dynamic change in the future … but we're still living in the space where we haven't lifted the lowest common denominator and we're still talking about cyber hygiene," Caddy said at an Oct. 9 event hosted by the Atlantic Council.

Gov Info Security
October 9, 2019
Federal regulators are proposing a "safe harbor" that would permit hospitals to donate certain cybersecurity software and services to physicians. The move would modify the so-called Stark Law and federal anti-kickback regulations. Reacting to the proposal, privacy and security attorney Stephen Wu of the law firm Silicon Valley Law Group notes: "In the short run, anything that can help doctors improve their cybersecurity is good. However, in the long run, you don't want doctors to be overly dependent on hospitals for their cybersecurity." In a statement Wednesday, the Department of Health and Human Services said its two proposed rules - one issued by the Centers for Medicare and Medicaid Services, and the other by HHS Office of Inspector General - aim to "modernize and clarify the regulations that interpret the Physician Self-Referral Law - the 'Stark Law' - and the Federal Anti-Kickback Statute." Portraying the proposals as a way to help improve patient care coordination by ensuring secure health information exchange, HHS says the two rules would "provide greater certainty for healthcare providers participating in value-based arrangements and providing coordinated care for patients. The proposals would ease the compliance burden for healthcare providers across the industry, while maintaining strong safeguards to protect patients and programs from fraud and abuse."

Nextgov
October 8, 2019
Nation-state actors are actively exploiting vulnerabilities in three different virtual private network services to gain access to users’ devices, according to the National Security Agency. In an advisory issued Monday, NSA said international hackers were taking advantage of bugs in older versions of virtual private network applications produced by Pulse Secure, Fortinet and Palo Alto Networks. Users of the products are “strongly recommended” to update their systems, the agency said. Virtual private networks, or VPNs, allow users to safely share data across public Wi-Fi and other potentially insecure networks. According to the advisory, the vulnerability in the Pulse Secure product allows nefarious actors to remotely execute code and download files, as well as intercept encrypted network traffic. The bugs in the other two systems both allow for remote code execution, the NSA said.

FCW
October 7, 2019
The National Institute for Standards and Technology is looking to enter into cooperative research agreements for products and technical expertise that can secure energy-related internet-of-things devices. In a posting scheduled to be published Oct. 8 in the Federal Register, NIST is asking all interested organizations to submit letters of interest to enter a Cooperative Research and Development Agreement with the agency to "provide an architecture that can be referenced and develop guidance for securing [industrial IoT devices] in commercial and/or utility-scale distributed energy resource environments." The initiative marks the first foray into the energy sector for the National Cybersecurity Center of Excellence, a clearinghouse for public and private sector cyber expertise established in 2012. "The expected outcome of the demonstration is to improve the security of [industrial IoT] across an entire energy sector enterprise," the notice states. "Participating organizations will gain from the knowledge that their products are interoperable with other participants' offerings."

Nextgov
October 7, 2019
Local governments facing an onslaught of ransomware attacks are increasingly turning to insurance to protect them if hackers successfully take control of a city’s computer system. But experts warn that local governments may not be getting the level of protection they need through basic policies. And when insurance companies opt to pay ransoms, rather than cover the (sometimes exorbitant) cost to recover data, they make local governments a bigger target for hackers. Larger cities may purchase their own individual plans, like Houston did in 2018 when it paid close to $500,000 for a $30 million plan that would cover emergency response to cybersecurity breaches and losses associated with a cyberattack. In contrast, many smaller municipalities receive coverage through pooled plans, such as those offered by associations. “A lot of plans that municipalities are looking at—it’s a patchwork,” said Alan Shark, executive director of the Public Technology Institute, a technology organization that works with city and county governments. “There are no universal standards.”

CNN
October 5, 2019
An attempted hack into a mobile voting app used during the 2018 midterm elections may have been a student's attempt to research security vulnerabilities rather than an attempt to alter any votes, three people familiar with the matter told CNN. Mike Stuart, the US attorney for the Southern District of West Virginia, revealed at a press conference Tuesday that an FBI investigation "is currently ongoing" after an unsuccessful attempted intrusion into the Voatz app, which West Virginia has used since 2018 to allow overseas and military voters to vote via smartphone. No criminal charges have been filed. The sources told CNN that the FBI is investigating a person or people who tried to hack the app as a part of a University of Michigan election security course. Michigan is one of the main academic hubs of election security research in the country, housing the trailblazing Michigan Election Security Commission. The office of West Virginia Secretary of State Mac Warner had previously communicated to Stuart that suspicious activity against the Voatz app came from IP addresses associated with the University of Michigan, one of the people familiar with the matter told CNN.


INDUSTRY

CyberScoop
October 11, 2019
The cyber insurance industry is taking baby steps away from a long and messy infancy. For the hundreds of companies that offer policies, toddlerhood is here, and it means exerting more influence over how clients protect their networks and information. For years, headlines have fixated on how big firms like AIG and Zurich have been locked in legal disputes over specific claims, but insurers are now trying to be more proactive with customers. The smartest approach for everyone, they say, is to prevent breaches from happening in the first place. Key to that, and saving money, is trying to identify the products that are most effective. Marsh, the global insurance broker and risk adviser, last month published its first list of Cyber Catalyst-designated products, a tag given to 17 services that a group of insurance firms say its clients should consider, including offerings like FireEye’s Endpoint tool and CrowdStrike penetration testing service. Insurers for years have assessed security products, and partnered with vendors, but the breadth of the Cyber Catalyst program proves the industry thinks it has enough data about prior security incidents to help clients avoid breaches in the future.

Gov Info Security
October 11, 2019
CafePress has been hit with a lawsuit alleging that it failed to notify customers about a massive data breach in a timely manner. The Louisville, Kentucky-based personalized product retailer sells custom T-shirts and a variety of other printed materials. The company believes that about 23 million users' details got swiped. In addition, security experts have warned that instead of using a fit-for-purpose password-hashing algorithm, CafePress was continuing to use SHA-1, which is outdated and stores passwords in a manner that is relatively easy for hackers to crack.

Ars Technica
October 10, 2019
Attackers exploited a zeroday vulnerability in Apple's iTunes and iCloud programs to infect Windows computers with ransomware without triggering antivirus protections, researchers from Morphisec reported on Thursday. Apple patched the vulnerability earlier this week. The vulnerability resided in the Bonjour component that both iTunes and iCloud for Windows relies on, according to a blog post. The bug is known as an unquoted service path, which as its name suggests, happens when a developer forgets to surround a file path with quotation marks. When the bug is in a trusted program—such as one digitally signed by a well-known developer like Apple—attackers can exploit the flaw to make the program execute code that AV protection might otherwise flag as suspicious.

CyberScoop
October 10, 2019
Cybersecurity researchers have discovered two new tools used by a prolific hacking group known as FIN7, highlighting how, despite a law enforcement crackdown, the group appears to be thriving and making a lot of money in the process. The Eastern European hacking crew, which researchers say has stolen over $1 billion from victims in recent years, is using a new “dropper” to deliver its malicious code, as well as a payload that tampers with a remote IT administration tool, cybersecurity company FireEye said Thursday. Mandiant, FireEye’s incident response arm, discovered the new tools while responding to recent FIN7 hacks in the hospitality industry. It appears the attackers are going after their usual targets — payment card processors — to try to steal money. “We have multiple ongoing victims and felt that, especially within the security industry, [this was information] we needed to get out there” to raise awareness, said Regina Elwell, principal threat analyst at FireEye.

Wired
October 9, 2019
At this point, it's painfully unsurprising to hear new examples of tech companies misusing customer data. But a particularly shameful version of the story has become increasingly common: services pulling phone numbers and other data used for two-factor authentication into their marketing databases. On Tuesday, Twitter became the latest tech giant to join those ranks. The company said in a statement that it accidentally ingested phone numbers and email addresses collected for security measures like two-factor into two of its advertising systems, called Tailored Audiences and Partner Audiences. The company didn't give the information directly to marketers, but used it to help them target ads to Twitter users. Twitter stopped the data bleed on September 17, three weeks before coming forward about it. It's not clear for how long the improper sharing had taken place prior, and Twitter says it doesn't know how many users were affected. "When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize," the company wrote in its statement. "We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again."

CSO
October 9, 2019
A security audit sponsored by Mozilla uncovered a critical remote code execution (RCE) vulnerability in iTerm2, a popular open-source terminal app for macOS. The flaw can be exploited if an attacker can force maliciously crafted data to be outputted by the terminal application, typically in response to a command issued by the user. ITerm2 is an open-source alternative to the built-in macOS Terminal app, which allows users to interact with the command-line shell. Terminal apps are commonly used by system administrators, developers and IT staff in general, including security teams, for a variety of tasks and day-to-day operations. The iTerm2 app is a popular choice on macOS because it has features and allows customizations that the built-in Terminal doesn’t, which is why the Mozilla Open Source Support Program (MOSS) decided to sponsor a code audit for it. The MOSS was created in the wake of the critical and wide-impact Heartbleed vulnerability in OpenSSL with the goal of sponsoring security audits for widely used open-source technologies.

ZDNet
October 8, 2019
Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed it had more than 20,000 customers. The most notable compromise is the Sesame Street Live online store, which has been taken down earlier today after another journalist reached out. At the time of writing, the malicious code is still on Volusion's servers and is still being delivered to all of the company's client stores. Volusion has not returned emails or phone calls from this reporter, nor from security researchers from Check Point and Trend Micro. Cyber-security firm RiskIQ is also tracking the incident and confirmed the hack to ZDNet.

CyberScoop
October 8, 2019
Insurance giant AIG argued to a New York federal court on Monday that it is not responsible to cover nearly $6 million in losses incurred by a client that was victimized by suspected Chinese hackers. The company asked a court in the Southern District of New York to dismiss a lawsuit filed in August by SS&C Technologies, a $6 billion financial technology company, which alleged that AIG violated its contract by failing to cover losses from fraud. Hackers fleeced SS&C out of $5.9 million in 2016 by emailing company employees from spoofed email addresses, and requesting monetary transfers. AIG says its policy stipulates that the insurer will not cover losses stemming from criminal activity. “SS&C admits that it has filed suit seeking indemnity coverage for its settlement of a breach of contract claim concerning criminals using ‘spoof emails’ to trick SS&C into improperly using its authority over its client’s bank account to send $5.9 million of its client’s funds to bank accounts controlled by criminals in Hong Kong,” AIG said in court documents filed Monday.

AP
October 7, 2019
While small and mid-sized businesses are increasingly targets for cybercriminals, companies are struggling to devote enough resources to protect their technology from attack. That’s one of the findings of an annual survey of companies released by the Poneman Institute, which researches data protection, and Keeper Security, a manufacturer of password protection software. The survey found that 76% of the 592 U.S. companies surveyed had experienced a cyberattack in the previous 12 months. That was up from 70% in a survey in 2018, and 63% in a 2017 survey. The most common attacks were phishing and social engineering scams, cited by 57% of companies. These are invasions that target unsuspecting computer, smartphone and tablet users with realistic-looking emails; if a user clicks on a link or attachment in the email, malicious software is downloaded onto the device. Forty-four percent of companies reported an attack that came via a website.

The Wall Street Journal
October 6, 2019
Andy Fitzgerald, chief executive of a community health system in Wyoming, was visiting his son in Georgia last month when he received a distressing text message from his chief operating officer: Their company had been hit by a cyberattack. Hackers had locked up sensitive patient information and medical devices at Campbell County Health and demanded a ransom. “My initial thought was, ‘Oh crap,’” said Mr. Fitzgerald, who declined to say whether he paid the demand. In the days after the attack, the health system, which operates a 90-bed community hospital and other facilities, was forced to cancel services including radiology, endocrinology and respiratory therapy. The organization transferred patients to hospitals as far away as South Dakota and Denver. Cash registers, email and fax were unavailable. Doctors had to resort to pen and paper to document medical conditions, and with prescription records inaccessible, patients were asked to bring medication bottles to visits. Employees have worked around the clock in the past few weeks to restore services, which are mostly back to normal, he said.

Tuscaloosa News
October 5, 2019
The DCH Health System has made a payment to the hackers responsible for the crippling attack on its computer system that’s impacted operations at its three hospitals since early Tuesday morning. Hospital officials haven’t revealed how much was paid, but said in a statement Saturday that teams are working around the clock to restore normal hospital operations. “We worked with law enforcement and IT security experts to assess all options in executing the solution we felt was in the best interests of our patients and in alignment with our health system’s mission,” system spokesman Brad Fisher said Saturday morning. “This included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety. For ongoing security reasons, we will be keeping confidential specific details about the investigation and our coordination with the attacker.” There has been no evidence that patient or employee data was affected, he said.


INTERNATIONAL

CyberScoop
October 10, 2019
Hackers potentially working on behalf of a foreign government have targeted Moroccan human rights advocates with malicious software built by NSO Group, a controversial spyware vendor, according to Amnesty International. Since 2017, journalist Maati Monib and Abdessadak El Bouchattaoui, an attorney who has protested the Moroccan government’s security forces, repeatedly have received malicious links and browser redirections that, if trusted, would install the Pegasus malware, Amnesty found. It’s the latest allegation that NSO Group provided Pegasus to a customer that used it for more than combating terrorism and crime. The software allows attackers to take almost total control of an affected phone. Human Rights Watch has documented a list of government efforts to obstruct reform in Morocco, including prison sentences for people who have “harmed” the monarchy there or insulted Islam. El Bouchattaoui, one of the activists whose experience was detailed by Amnesty, was sentenced to two years in prison for internet posts criticizing authorities’ use of excessive force during demonstrations in 2017.

Reuters
October 9, 2019
The European Union warned on Wednesday of the risk of increased cyber attacks by state-backed entities but refrained from singling out China and its telecoms equipment market leader Huawei Technologies as threats. The comments came in a report prepared by EU member states on cybersecurity risks to next-generation 5G mobile networks seen as crucial to the bloc's competitiveness in an increasingly networked world. The authors chose to ignore calls by the United States to ban Huawei's equipment, drawing a welcome from the Shenzen-based company after it faced U.S. accusations that its gear could be used by China for spying. "Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks," the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.

AP
October 9, 2019
Cybercriminals are using new technology and exploiting existing online vulnerabilities as they shift their focus to larger and more profitable targets, the European Union’s police agency said in a report published Wednesday. Europol said in its annual Internet Organized Crime Threat Assessment report that since digital data is a key target "data security and consumer awareness are paramount for organizations." "While we must look ahead to anticipate what challenges new technologies, legislation, and criminal innovation may bring, we must not forget to look behind us," Europol Executive Director Catherine De Bolle said. "'New' threats continue to emerge from vulnerabilities in established processes and technologies." The report, which is intended to give police and policy makers an overview of cybercrime trends, also referred to what the authors called "data overload" in efforts to counter online images of child sexual abuse.

CyberScoop
October 8, 2019
An Iran-linked hacking group that targeted a U.S. presidential campaign in recent months also has a history of trying to compromise cybersecurity analysts who have exposed the hackers’ operations, the analysts told CyberScoop. The hackers have previously sent researchers at Israeli company ClearSky Cyber Security malware-laced emails purporting to be from an antivirus company, according to Ohad Zaidenberg, the company’s senior cyber intelligence researcher.  The hacking group, which analysts say works in support of Iranian interests, also set up a phishing website mimicking that of ClearSky and a web-mail page “built to attack our clients,” Zaidenberg told CyberScoop. ClearSky flagged some of the activity last year, saying the hackers had failed to breach the company or its clients. But the attackers appear to be very persistent. “They tried to attack me personally and ClearSky as well many times,” Zaidenberg said. “They don’t like us.” The episode highlights the lengths to which the group might go to try to infiltrate the cybersecurity specialists who track them. And it is just the latest activity in what has been a busy few months for the Iranian computer operatives, known to researchers as Charming Kitten, APT35, or Phosphorus.

ZDNet
October 8, 2019
France's cyber-security agency has published an alert about cyber-espionage campaigns targeting the infrastructure of service providers and engineering firms. "Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients," the National Cybersecurity Agency of France, known locally as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), said in a technical report published on Monday. Samuel Hassine, the head of ANSSI's Cyber Threat Intelligence division, said the agency compiled the report with information from recent ANSSI investigations following incident response activities.

AFP
October 6, 2019
The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid. US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement "a critical moment for the Baltic States in strengthening cybersecurity" in strategic energy infrastructure. "We see a crucial role that US could play in assisting the Baltic States with strategic and technical support," the four officials said in a joint declaration signed in the Lithuanian capital Vilnius. Lithuania said it was looking for US technology firms able to modernise software used to control energy systems to prevent attacks by Russian hackers that could disrupt energy supplies. "Lithuanian energy sector remains a Russian cyber target, the network system is constantly being scanned for gaps, therefore we seek US security technologies in our energy production and distribution systems," Edvinas Kerza, Lithuania's top cyber security official who attended the talks with Perry, told AFP.

Reuters
October 5, 2019
Nearly a million New Zealanders face the risk that their medical data has been accessed illegally after a cyber attack on the website of Tū Ora Compass Health, the company said on Saturday. The website was hacked in August, but investigations also uncovered previous attacks dating from 2016 to March 2019, the health firm, which collects and analyses patient information from medical centers, said in a statement. "While this was illegal and the work of cyber criminals, it was our responsibility to keep people's data safe and we've failed to do that," Martin Hefford, Chief Executive Officer of Tū Ora, said in the statement. Both Tū Ora and New Zealand's Ministry of Health said they have not been able to determine whether the cyber attacks resulted in any information being accessed. Tū Ora said it holds health data on people from the greater Wellington, Wairarapa and Manawatu regions dating back to 2002.


TECHNOLOGY

Wired
October 10, 2019
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for "most overhyped bug" and "most epic fail." And no follow-up reporting has yet affirmed its central premise. But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment.

ZDNet
October 9, 2019
The Tor Project has removed from its network this week more than 800 servers that were running outdated and end-of-life (EOL) versions of the Tor software. The removed servers represent roughly 13.5% of the 6,000+ servers that currently comprise the Tor network and help anonymize traffic for users across the world. Roughly 750 of the removed servers represent Tor middle relays, and 62 are exit relays -- where users exit the Tor network onto the world wide web after having their true location hidden through the Tor network. The organization said it plans to release a Tor software update in November that will natively reject connections with EOL Tor server versions by default, without any intervention from the Tor Project staff. "Until then, we will reject around 800 obsolete relays using their fingerprints," the Tor Project said in a statement this week.

Wired
October 9, 2019
The security community generally agrees on the importance of encrypting private data: Add a passcode to your smartphone. Use a secure messaging app like Signal. Adopt HTTPS web encryption. But a new movement to encrypt a fundamental internet mechanism, promoted by browser heavyweights like Google Chrome and Mozilla's Firefox, has sparked a heated controversy. The changes center around the Domain Name System, a decentralized directory that acts essentially as the internet's address book. When you send data to or request it from a server, a DNS lookup ensures that it goes to and comes from the right place. Google and Mozilla plan to encrypt those interactions sometime this year. Which sounds straightforward enough—but not everyone is convinced that the shift solves more problems than it potentially creates.



via Nick Leiserson