Cybersecurity stories and insights for the first week of December 2017
NSA leak exposes Red Disk, the Army's Failed Intelligence System
News Link: http://www.zdnet.com/article/nsa-leak-inscom-exposes-red-disk-intelligence-system/
Comment: Another example of how legacy systems can be caustic. Left unsupported, systems and data pose a real risk. How many canceled, half-completed, abandoned, or unsupported legacy systems still exist in your organization? I wager there are many. I would also bet you don't know how many, where they are, what data they hold, and the cross-access to other systems they possess. You should be very worried.
Pacemakers and Patient Monitors can be Hacked in Seconds
Comment: Healthcare is in for a shock. It is time to get serious, not worry as much about data breaches (yes, you still need to protect against those), and pay more attention to cyber-integrity attacks that put patients’ health at risk.
PayPal's TIO Networks Reveals Data Breach Impacted 1.6 Million Users
News Link: http://www.zdnet.com/article/paypals-tio-networks-reveals-data-breach-impacted-1-6-million-users/
Comment: Another data breach, this time by PayPal's recent acquisition TIO Networks. Details are thin, but what strikes me is the fact that PayPal took the progressive step of suspending operations of the TIO services. This puts security first, which is pleasantly refreshing! Most companies prioritize keeping their business up while investigating a data breach, which in many cases continues to expose customer data to ever greater issues. Temporarily closing down operations gives the response teams time to figure out the problems, plug holes, and properly protect data.
Girl Scouts to Train Next Generation of Cybersecurity, AI, and Robotics Professionals
Comment: A great initiative! Not only do we need more cybersecurity professionals, we are greatly disadvantaged with a lack of women and under-represented minorities in the cyber workforce. We need a greater diversity of thinking, imagination, and experiences in order to keep pace with rapidly evolving threats.
New-But-Old US Bill Introduces Prison Time for Execs Who Conceal Data Breaches
Comment: It's about to get real difficult to justify hiding data breaches. As the expectations of society change, so will regulations. I think people have partially moved out of complacency when it comes to data breaches and believe it is not acceptable for companies to hide when customers' data is exposed or stolen. ...now, if we can only get consumers to apply the same level of scrutiny when buying products. We all should be discerning when it comes to purchases, giving strong preference to trustworthy vendors and suppliers.
Andromeda Botnet Dismantled in International Cyber Operation
Comment: Congrats to the FBI, Euro Cybercrime Center, and other partners in taking down the Andromeda botnet. More international cooperation is needed to keep the pressure on organized cyber criminals. Without consequences, there is no deterrent.
MacOS High Sierra Bug Lets Anyone Gain Root Access Without a Password
News Link: https://thehackernews.com/2017/11/mac-os-password-hack.html
Comment: At a loss for words. Simple backdoor grants Admin access to anyone with physical access. If you own a Mac and are running the latest OS version (High Sierra), you need to fix this immediately. The latest Mac OS patch fixes this vulnerability.
Bear Wanted by the FBI! Cybersecurity Tips for Selecting (and Protecting) Your Holiday Gifts
News Link: https://www.linkedin.com/pulse/bear-wanted-fbi-cybersecurity-tips-selecting-your-holiday-diamond/
Comment: Message from Santa: "This is required reading for shoppers this year!" Toys and tech can pose risks to privacy and security. Be aware and shop with an understanding of the risks and best practices to secure those gifts!
Hack the Gap: Close the Cybersecurity Talent Gap with Interactive Tools and Data
News Link: http://cyberseek.org/
Comment: For all those looking to begin a career in cybersecurity or those currently in the trenches who want to change roles, I recommend taking a look at cyberseek.org for great information on roles, salary, and career progression. As I talk with more students, I find myself referring them here.
Image Sources:
- https://www.linkedin.com/pulse/bear-wanted-fbi-cybersecurity-tips-selecting-your-holiday-diamond/
- https://thehackernews.com/2017/11/mac-os-password-hack.html
- https://www.europol.europa.eu/newsroom/news/andromeda-botnet-dismantled-in-international-cyber-operation
- https://www.bleepingcomputer.com/news/security/new-but-old-us-bill-introduces-prison-time-for-execs-who-conceal-data-breaches/
- https://www.techrepublic.com/article/girl-scouts-to-train-next-generation-of-cybersecurity-ai-and-robotics-professionals/
- http://www.zdnet.com/article/paypals-tio-networks-reveals-data-breach-impacted-1-6-million-users/
- http://www.10news.com/news/pacemakers-and-patient-monitors-can-be-hacked-in-seconds-san-diego-experts-discuss-threat
- http://www.zdnet.com/article/nsa-leak-inscom-exposes-red-disk-intelligence-system/
- http://cyberseek.org/
Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit