1) TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage
- Security researchers have uncovered another nasty piece of malware designed
specifically to target industrial control systems (ICS), with the potential to
cause health- and life-threatening accidents. Dubbed Triton, also known as Trisis,
the ICS malware has been designed to target Triconex Safety Instrumented
System (SIS) controllers, an autonomous control system that independently
monitors the performance of critical systems and takes immediate actions
automatically, if a dangerous state is detected. According to separate
research conducted by ICS cybersecurity firm Dragos, which calls this malware
"TRISIS," the attack was launched against an industrial
organization in the Middle East.
2) Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks
- Security researchers have uncovered a previously undetected group of
Russian-speaking hackers that has silently been targeting banks, financial
institutions, and legal firms, primarily in the United States, UK, and
Russia. In the past 18 months, the hacking group is believed to have
conducted more than 20 attacks against various financial organizations, stealing
more than $11 million and sensitive documents that could be used in subsequent
attacks. Since its first successful attack in May last year, MoneyTaker
has targeted banks in California, Illinois, Utah, Oklahoma, Colorado, South
Carolina, Missouri, North Carolina, Virginia and Florida, primarily targeting
small community banks with limited cyber defenses.
3) Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL - A
team of security researchers has discovered a critical implementation flaw in
major mobile banking applications that left the banking credentials of millions
of users vulnerable to hackers. The affected banking apps include HSBC,
NatWest, Co-op, Santander, and Allied Irish Bank, which have now been updated
after researchers reported the issue to them. SSL pinning is a security
feature that prevents man-in-the-middle (MITM) attacks by enabling an
additional layer of trust between the listed hosts and devices. When
implemented, SSL pinning helps to neutralize network-based attacks wherein
attackers could attempt to use valid certificates issued by rogue
certification authorities.
4) Here's where 'Smart Hospitals' will make big tech investments in the near future
- Building on top of today’s digital infrastructure, Smart Hospitals will
focus on patient experience, outcomes, the Triple Aim and they’ll make
expensive acquisitions between now and 2025. Smart hospitals optimize,
redesign, or build new clinical processes, management systems and potentially
infrastructure, enabled by underlying digitized networking of interconnected
assets, to provide a valuable service or insight, which was not possible or
available earlier, to achieve better patient care, experience, and
operational efficiency. Digital transformation is happening in almost
every industry and healthcare is no exception. Analyst house IDC earlier
this year pegged the global DX market at escalating as high as $20 trillion
in the coming years.
5) The next big thing in pharmacy supply chain: Blockchain - With $200
billion lost to counterfeit drugs annually and patient safety issues, a
chain-of-custody log that blockchain could enable holds promise. Blockchain
has the potential to transform healthcare in general and the pharmacy supply
chain in particular. The distributed ledger technology could offer
legislative, logistical and patient safety benefits for pharmaceutical supply
chain management. From a regulatory perspective in the United States,
blockchain's technological and structural capabilities, in fact, map
extraordinarily well to the key requirements of the Drug Supply Chain Security
Act.
6) Healthcare Faces Poor Cybersecurity Prognosis - The healthcare industry is
underestimating security threats as attackers continue to seek data and
monetary gain. Threat actors rarely attack with the intent of causing
physical harm; most are looking for financial gain. eSentire reports that
patient records are worth between $0.05 and $2.42 USD each. Attackers can
sell them on the Dark Web, use them for tax fraud or blackmail, or use them to
conduct spear phishing campaigns. Opportunistic attacks are common because
of the number of vulnerable devices.
7) As India Surveys Bitcoin Exchanges, West Toughens Its Regulations - Once
voiced by a cryptocurrency enthusiast, “Bitcoin will do to banks what
email did to the postal industry” has now been raised by Israel’s Prime
Minister Benjamin Netanyahu while speaking of cryptocurrencies, exchanges and
cryptocurrency regulations. “Is the fate of banks that they will eventually
disappear? Yes. The answer is Yes. Does it need to happen tomorrow? And do we
need to do it through Bitcoin? That’s a question mark!” stated the PM.
8) Kaspersky Lab Detects 360,000 New Malicious Files Daily - The number of daily
detected malicious files reflects the average activity of cybercriminals
involved in the creation and distribution of malware. This figure was
calculated for the first time in 2011 and totaled 70,000 at that time. Since
then it has grown five-fold, and as the 2017 data shows, it is still
increasing. Most of the files identified as dangerous fall into the
malware category (78 percent). However, viruses, whose prevalence
dropped significantly 5-7 years ago due to their complex development and low
efficiency, still constitute 14 percent of daily detections.
9) USB Encryption and Security Falls Well Short - A recent survey from
Apricorn of more than 400 IT professionals from industries including education,
finance, government, healthcare, legal, manufacturing and retail
reveals that most employees use USB drives, but that companies
are leaving themselves open to data breaches and leaks by not effectively
monitoring these devices and the data that gets written to them. However,
eight out of 10 employees use non-encrypted USB drives such as those received
free at conferences, tradeshow events or business meetings, which could be
easily lost or stolen and fall into the wrong hands, or introduce malware
into a company’s host system.
10) We need to talk about mathematical backdoors in encryption algorithms -
Governments and intelligence agencies strive to control and bypass or
circumvent cryptographic protection of data and communications. Backdooring
encryption algorithms is considered the best way to enforce cryptographic
control. Security researchers regularly set out to find implementation
problems in cryptographic algorithms, but not enough effort is going towards
the search for mathematical backdoors, two cryptography professors have
argued.
Credits - Nagesh of Ivalue.