Tag Archives: orange county public relations

10Fold Perspective: Sayonara Smart Gadgets, Hello Enterprise!

By Katrina Cameron and Anne Stanley

Recently, two members of the 10Fold team ventured down to Santa Clara, California to attend Internet of Things World 2017. The three-day event brought together hundreds of companies and leaders, as well as thousands of attendees, in the IoT space. The showroom featured vendors from both industrial and consumer IoT and was filled with learning, discovery, networking and fun. While roaming the bustling expo halls, we absorbed some top trends and came away with some “aha moments” that we are excited to share.

Event Highlights

Startup City
One section of the conference floor was noticeably different from the rest of the exhibiting space. Startup city was jam packed with more than 100 startups working to disrupt the IoT space.  A panel of judges — featuring top investors and winners from the previous year’s pitch-off — witnessed multiple rounds of pitches which offered startups the opportunity to meet investors and build valuable relationships within the IoT ecosystem. While this section might not feature the most eye-catching booths or interactive displays, the energy and innovative spirit was palpable.

Women in IoT Panel
Featuring representatives from Pillar Technology, the Department of Defense, Equinix, Johnson Controls, and Ovum, this panel discussion focused on the role women are playing in accelerating IoT deployments across industrial, enterprise and consumer markets, as well as what can facilitate more diversity in the industry. While this panel was informative and well attended by men and women alike, it was in direct contrast to the rest of the exhibition which was, you guessed it, predominantly populated by men.

Where are the gadgets?
Consumer tech has traditionally taken over show floors at  previous IoT conventions. This year, however, there was a distinct lack of gadgets and wearables and trackers and buttons and…you get the point. The industry seems to have finally caught on to the fact that the future of IoT and general connectivity lies in industrial and enterprise applications. Companies touting the solutions for smart cities, networking, fleet management, healthcare, and transportation were very much present. With the repercussions of WannaCry still a recent memory, security was also top of mind for all vendors.

Show, Don’t Tell
There was never a dull moment for some vendors, as many curious event attendees wanted to see in-person demonstrations of how IoT products work. Although the speaking sessions and lectures at IoT World appeared to be heavily attended, it seemed attendees had a yearning to see the products in action. Silver Spring Networks was one of the many busy vendor booths that attracted a crowd of visitors who requested demos of their IoT devices, such as smart street lights. From analysts, to journalist, to curious customers — Silver Spring’s booth was packed with attendees watching or waiting for demos.

The Future of IoT
As if current trends in IoT weren’t fascinating enough, the future of IoT took center stage at this event. From smart cars to intelligent transportation, to smart buildings and energy grids—it’s apparent that the Internet of Things will continue to grow in many ways. Speaking sessions focused on what’s next for IoT and how developers can prepare for it. During the “Creating Smart Cities: Future Trends” panel session, industry leaders and visionaries from Silver Spring Networks, Duke Energy and San Mateo County discussed how cities and utilities should have a strong focus on standards when deploying smart city networks. Keynote speaker and Silver Spring CEO Mike Bell contended that the largest IoT networks known today will look miniscule five years from now.

As the Internet of Things continues to evolve, so will its conferences. IoT World is just one of many shows that seeks to showcase IoT at the forefront of innovation and cultivate the startups making their way into the marketplace. If you’re a startup looking to make a splash in this fascinating industry, consider your PR strategy and partnership. Check out 10Fold’s PR services, and drop us a line if you’re interested in learning more.

Disclaimer: Silver Spring Networks is a client of 10Fold

10Fold Reveals 10 Largest Data Breaches of 2016

Nearly Three Billion Personal Records Breached Around the World

SAN FRANCISCO, CA–(Marketwired – Jan 19, 2017) – 10Fold, a full-service B2B technology public relations agency with a specialization in cybersecurity, today announced that in 2016, more than 2.8 billion personal records were breached on social and file-sharing platforms, email providers and government databases around the world. In its second annual year-in-review, 10Fold analyzed the largest data breaches of 2016, then ranked the top 10 from greatest to least.

“If 2015 was the year of the healthcare data breach — breaches impacted nearly 40 million people — then 2016 was the year of the social media breach. Four of the top 10 breaches were social media related and impacted more than 640 million people,” said Angela Griffo, vice president of the cybersecurity practice at 10Fold. “But the biggest surprise of the year was Yahoo revealing that the information of more than 1.5 billion people had been stolen by attackers. Regardless of an attacker’s motive, any compromised information leaves users susceptible to identity theft and fraud.”

News reports about the 10 largest data breaches discovered in 2016, which are listed below, indicated that each attack affected 49 million users or more. 10Fold selected these data breaches based on independent research collected throughout 2016 and cross-referenced the information with third-party resources, including ID Theft Resource Center and Information is beautiful.

10 Largest Data Breaches of 2016:

1. Yahoo: 1.5 Billion Users — The Yahoo data breach is possibly the largest email provider data breach in history. When Yahoo first confirmed the breach in September 2016, the company revealed the breach impacted 500 million user accounts. The stolen account information included names, dates of birth, telephone numbers, passwords, and security questions and answers. In December, the company revealed an additional one billion users had been affected by the breach, bringing the grand total of affected users to 1.5 billion.

2. FriendFinder Network: 412 Million Users — In October, a number of sites in the FriendFinder Network were hacked, resulting in a data breach that affected 412 million users. According to LeakedSource, the sites affected included Adult Friend Finder, Cams and Penthouse. The breached data encompassed 20 years of user information and included user names, emails, passwords, joining dates and the date last visited. A significant amount of the user information released was the stored data of users who had previously attempted to delete their accounts. Of the total records breached and released, 15 million came from deleted accounts.

3. Myspace: 360 Million Users — In May, the prolific cyberhacker Peace sold the data of 360 million Myspace users. Released user information included names, passwords and secondary passwords. According to Time Inc., the information was from an older 2013 Myspace platform. Only those profiles that existed prior to the site’s relaunch were affected. The new site now includes stronger user account security.

4. LinkedIn: 117 Million Users — In May, it was announced that cyberhacker Peace had sold 117 million emails and encrypted passwords on the dark web for roughly $2,200.

5. VK Russia: More than 100 Million Users — In June 2016, it was reported that hacker Peace was selling the data of 100 million VK users for roughly $570. The information released contained usernames, emails, unencrypted passwords, locations and phone numbers. What’s more, the original hack occurred between 2011 to 2013.

6. Dailymotion: 87.6 Million Users — In October 2016, France-based video sharing site Dailymotion reports indicated that hackers released the usernames and emails of 87.6 million users. According to the Dailymotion blog post, the breach was due to an external security problem. While the company claimed the hack was limited — roughly 18.3 million user accounts were associated with encrypted passwords — all partners and users were still advised to reset their passwords for safekeeping. Dailymotion is the 113th most-visited website in the world.

7. Tumblr: 65 Million Users — In May, 65 million Tumblr accounts were found for sale on the dark web. A cyberhacker using the alias Peace sold the data for $150. According to security researcher Troy Hunt, the data contained email and password information.

8. DropBox: More than 60 Million Users — In August 2016, Dropbox announced that it had reset the passwords of more than 60 million users after the company discovered that an old set of Dropbox user credentials was taken. While the company suspects that the records were originally obtained in 2012, the breach was not discovered and users were not notified until 2016. The released information contained usernames and encrypted passwords. It has been reported that a senior Dropbox employee verified the released data is legitimate.

9. Philippines’ Commission on Elections: 55 Million Voters — On March 27, a hacker group posted the entire database of the Philippines’ Commission on Elections (COMELEC) online. The attackers also shared three links where the information of 55 million registered voters in the Philippines could be downloaded. The distributed data included email addresses, passport numbers and expiration dates, and fingerprint records — information that cannot be replaced or reset. Various reports suggest this breach is the biggest government-related data breach in history.

10. Turkish Citizenship Database: 49.6 Million Citizens — In April 2016, the entire Turkish citizenship database was hacked. Attackers released the personal information of 49.6 million citizens. The information released included details that are found on a standard Turkey identification card, including national identifier, name, parents’ names, gender, birthdate, city of birth and full address. According to reports, hackers validated the data by publishing details of Turkey’s president and former prime minister Recep Tayyip Erdogan. It’s suspected that the hack was politically motivated, based on the following statement found in the released database: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”

Visit 10Fold at Security Never Sleeps During RSA
This year 10Fold is hosting its seventh annual Security Never Sleeps luncheon at RSA, which features a moderated panel discussion and audience Q&A with the cybersecurity industry’s leading executives, media and analysts. The event takes place on Wednesday, February 15 from 11:30 a.m. to 1:30 p.m. PST. Interested in attending this – Invitation Only – event ? Please send an email to: events@10fold.com and we’ll contact you to discuss your potential participation.

About 10Fold
10Fold is a leading North American public relations firm with regional offices in San Francisco, Pleasanton and Capistrano Beach, California. As a privately owned company founded in 1995, 10Fold provides strategic communications and content expertise to B2B organizations that specialize in networking, IT security, cloud, storage, Big Data, enterprise software, AppDev solutions, wireless, and telecom. The award-winning, highly-specialized account teams consist of multi-year public relations veterans, broadcasters and former journalists. 10Fold is a full-service firm that is widely known for its media and analyst relations, original content development, corporate messaging, social media and video production capabilities (through its division ProMotion Studios). For more information, visit www.10fold.com or follow us on Twitter (@10FoldComms) and Facebook (www.facebook.com/10FoldComms).

10Fold – Security Never Sleeps – 98

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Researchers have encountered a denial-of-service botnet that’s made up of more than 25,000 Internet-connected closed circuit TV devices. Scammers are spreading JavaScript malware disguised as a Facebook comment tag notification. The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more.

Large botnet of CCTV devices knock the snot out of jewelry website – Publication: Ars Techinca – Reporter name: Dan Goodin

The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second. The DDoS attack continued for days, causing the Sucuri researchers to become curious about the origins of the attack. They soon discovered the individual devices carrying out the attack were CCTV boxes that were connected to more than 25,500 different IP addresses. The IP addresses were located in no fewer than 105 countries around the world.


Facebook comment tag malware scam targets Chrome users – Publication: SC Magazine – Reporter name: Robert Able

A user will receive a notification in their app and/or in their email about a friend tagging them in a comment and, upon clicking the link, malware is downloaded to their device, according to Hackread. Currently the malware is only targeting Chrome and one analyst on the network question and answer site Stack Exchange said the file is a typical obfuscated JavaScript malware, which targets the Windows Script Host to download the rest of the payload.


Google Accounts Of US Military, Journalists Targeted By Russian Attack Group – Publication: Dark Reading- Reporter name: Sara Peters

A Russian attack group used the Bitly URL-shortener to disguise malicious links in order to carry out spearphishing campaigns not only against the Democratic National Committee, but also against some 1,800 Google accounts of US military and government personnel and others.


New and improved CryptXXX ransomware rakes in $45,000 in 3 weeks – Publication: Ars Technica- Reporter name: Dan Goodin

Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn’t include revenue generated from previous campaigns.

10Fold – Security Never Sleeps – 97

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A remote desktop access service called GoToMyPC was hacked this weekend and is urging all users to immediately change their passwords; The number of network infections generated by some of the most prolific forms of malware — such as Locky, Dridex, and Angler — has suddenly declined; on Friday night a hacker made off with $50 million of virtual currency after hacking the DAO (Decentralized Autonomous Organization); and a new variety of ransomware called RAA has been discovered.

GoToMyPC hit with hack attack; users need to reset passwords – Publication: PCWorld – Reporter name: Nick Mediati

According to a post published to GoToMyPC’s system status page, the remote desktop access service experienced a hack attack this weekend, and it’s now requiring all users to reset their passwords before logging in to the service.


Malware infections by Locky, Dridex, and Angler drop — but why?  – Publication: ZDNet – Reporter name: Danny Palmer

The number of network infections generated by some of the most prolific forms of malware — such as Locky, Dridex, and Angler — has suddenly declined. Instances of malware and ransomware infection have risen massively this year, but cybersecurity researchers at Symantec have noticed a huge decline in activity during June, with new infections of some forms of malicious software almost at the point where they’ve completely ceased to exist.


A $50 Million Hack Just Showed That the DAO Was All Too Human – Publication: WIRED- Reporter name: Klint Finley

Sometime in the wee hours Friday, a thief made off with $50 million of virtual currency. The victims are investors in a strange fund called the DAO, or Decentralized Autonomous Organization, who poured more than $150 million of a bitcoin-style currency called Ether into the project.


New RAA ransomware written in JavaScript discovered – Publication: SC Magazine UK – Reporter name: Doug Olenick

A new variety of ransomware called RAA has been discovered that has the somewhat unusual attribution of being coded in JavaScript instead of one of the more standard programming languages making it more effective in certain situations.

10Fold – Security Never Sleeps – 96

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Russian police have arrested 50 members of an alleged cyber-crime ring that stole more than 3 billion rubles ($45 million) from banks, the country’s biggest ever crackdown on financial hackers. Newly discovered malware ‘IronGate’ is targeting industrial control systems has the researchers who discovered it intrigued and hungry for help from the ICS community to further unravel it. Today, Yahoo became the first company to go public about NSLs it has received without needing to duke it out with the feds in court. Cisco spent $1.4 billion to acquire Jasper in February in its largest acquisition since Robbins took over as CEO. The former Sequoia-backed startup runs the largest commercial network for managing IoT devices.

Russia Detains 50 Suspected Hackers for Malware Bank Attacks – Publication: Bloomberg – Reporter name: Gavin Finch

The gang used malware to create networks of infected computers to launch 18 targeted attacks against Russian banks and state entities over the past year, the Interior Ministry said in a statement on its website.  Police were able to prevent another 2.3 billion rubles of losses, it said. The individual banks weren’t identified.


Shades Of Stuxnet Spotted In Newly Found ICS/SCADA Malware – Publication: Dark Reading – Reporter name: Kelly Jackson Higgins

FireEye researchers today detailed their findings on the so-called Irongate ICS/SCADA malware, which targets a Siemens PLC simulation (SIM) environment—not an operational one—via a man-in-the middle attack on a specific piece of custom PLC SIM code. SIM environments are where engineers test out their PLC code, which means Irongate as-is represents no actual threat to ICS operations, according to FireEye, and there’s been no sign of any attacks or attempts thus far.


Yahoo Publishes National Security Letters After FBI Drops Gag Orders – Publication: WIRED- Reporter name: Kim Zetter

Yahoo received letters in 2013 and 2015 and published redacted versions of them today. Two of the NSLs were sent to Yahoo from a special agent in the bureau’s Dallas office; the third NSL came from an agent in the bureau’s Charlotte, North Carolina office. It’s not clear whether the NSLs involve closed cases or ongoing ones for which disclosure is no longer a problem.  The letters offer no insight into the investigations behind them, and offer little else except a description of the kinds of records the FBI sought. In each case, the FBI wanted the name, address, length of service, activity logs and activity/transaction records for a specific user account.


Cisco is tracking 28 million devices on its IoT network and most of them are cars – Publication: Re/Code – Reporter name: Arik Hesseldahl

And it’s not just cars on Jasper. “It’s robots, it’s EKG machines” and other health care gear, and also robots used in manufacturing. And while the IoT is often criticized for being more hype than useful, Robbins said that Cisco has zeroed in on one significant use: Fixing things before they break. Last year Cisco teamed up with FANUC, a Japanese company building industrial robots, to keep track of how often robots in factories need maintenance. Preventive maintenance on the robots saves money by eliminating costly and unexpected downtime. “It’s turned out to be the killer app” for IoT, he said. “The savings from preventive maintenance is enough to justify the investment.”

10Fold – Security Never Sleeps – 95

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Security researchers at Sophos say that the Myspace hack could be the largest data breach of all time, easily topping the whopping 117 million LinkedIn emails and passwords that recently surfaced online from a 2012 hack. Cyber sleuths at security firm Trustwave have uncovered chatter on a Russian underground malware forum discussing a zero-day vulnerability in “every version” of Windows that is being openly sold for $90,000. A congressional committee has launched an investigation into the Federal Reserve Bank of New York’s handling of the heist of more than $80 million from accounts it maintains for the central bank of Bangladesh. Amazon and Goldman Sachs have become the latest investors to back Ionic Security, as the cyber security start-up looks to expand its reach beyond large companies.

Recently confirmed Myspace hack could be the largest yet – Publication: TechCrunch – Reporter name: Sarah Perez

“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” said Myspace’s CFO Jeff Bairstow, in a statement. “Our information security and privacy teams are doing everything we can to support the Myspace team.” However, while the hack itself and the resulting data set may be old, there could still be repercussions. Because so many online users simply reuse their same passwords on multiple sites, a hacker who is able to associate a given username or email with a password could crack users’ current accounts on other sites.


Windows zero-day flaw that impacts ‘every version’ being sold on Russian forum for $90,000 – Publication: International Business Times – Reporter name: Jason Murdock

According to analysis released by researchers with SpiderLabs, a team of penetration testers and ethical hackers at Trustwave, the security flaw being sold allows attackers to upgrade any Windows user level account to an administrator account, giving them access to install malicious software, gain access to other machines and change user settings. In hacking circles, zero-day vulnerabilities are much sought-after pieces of code previously unknown to anyone that can be exploited to infiltrate or attack a computer system without warning. Previously, a number of these bugs were uncovered in Adobe Flash software after the now-infamous breach at Hacking Team.


Congress launches probe of NY Fed over handling of $80M cyberheist – Publication: CNBC- Reporter name: Eamon Javers

In a letter to New York Fed President William Dudley on Tuesday, House Science Committee Chairman Lamar Smith, R-Texas, asked for “all documents and communications” related to the cyberheist from the Bank of Bangladesh account. The committee also wants to know what oversight the Fed has conducted of the SWIFT system, an international electronic messaging system used by banks worldwide to authorize billions of dollars a day in money transfers.


Goldman and Amazon back cyber security start-up Ionic Security – Publication: Financial Times – Reporter name: Hannah Kuchler

Amazon is becoming an equity holder via a partnership that will also allow customers of Amazon Web Services, its fast-growing cloud data center business, to use Ionic’s technology to secure data in the cloud and on their own on-premise servers. Adam Ghetti, chief executive of Ionic Security, said the company had already seen “tremendous interest” in its partnership with AWS in Europe. Companies on the continent have become increasingly nervous about which country has sovereignty over their data since leaks by Edward Snowden, a former contractor to the US National Security Agency, exposed a mass surveillance program in 2013.

10Fold – Security Never Sleeps – 94

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: On Wednesday afternoon, LinkedIn users received an email titled “Important information about your LinkedIn account,” describing the massive 2012 hack and what the company is doing about it. A recently patched Adobe Flash Player vulnerability is being abused in a new malvertising campaign that redirects users to the Angler exploit kit (EK), Malwarebytes researchers warn. The TeslaCrypt creators called it quits recently, but unfortunately for users, there’s a new ransomware program that’s ready to take its place. Google intends to kill off passwords, as well as allow Android apps to run instantly without installing the apps first.

Finally! LinkedIn Comes Clean About Mass Data Breach – Publication: Fortune – Reporter name: Jeff John Roberts

In its email, LinkedIn claimed that it “became aware” last week that the data stolen in 2012 was being made available online. This seems a bit of stretch—the whole point of stealing data is typically to sell it online—but we’ll take them at their word. And, unlike so many other LinkedIn emails, this one is definitely useful. Oddly, the email did not include any acknowledgement or apology for the dreadful security practices used by LinkedIn in the first place. These included poor cryptography, such as failing to “salt” the data, which made it easier for hackers to unscramble users’ passwords.


Angler EK Malvertising Campaign Abuses Recent Flash Zero-Day – Publication: SecurityWeek – Reporter name: STAFF

The campaign relies on domain shadowing and professional-looking fake ads that are sent to ad networks and displayed on legitimate websites. Furthermore, the attack is highly targeted, serving the malicious code conditionally and redirecting users to the Angler EK only after performing a series of checks otherwise known as fingerprinting. While the technique is not new, there are some interesting aspects about this malvertising campaign, including the fact that Angler is abusing the CVE-2016-4117 zero-day flaw in Adobe Flash Player that was patched on May 12. Attackers abused the vulnerability via specially crafted Office documents and an exploit for this vulnerability was added to the Magnitude and Neutrino EKs as well last week.


New DMA Locker ransomware is ramping up for widespread attacks – Publication: CSO- Reporter name: Lucian Constantin

Previous DMA Locker versions did not use a command-and-control server so the RSA private key was either stored locally on the computer and could be recovered by reverse-engineering, or the same public-private key pair was used for an entire campaign. This meant that if someone paid for the private RSA key, that same key would work on multiple computers and could be shared with other victims.


Google’s Trust API: Bye-bye passwords, hello biometrics? – Publication: NetworkWorld – Reporter name: Ms. Smith

Trust API will run in the background, always keeping track of your biometrics, so it will know you are really “you” when you unlock your device. It will utilize some of the common biometric indicators you might expect, such as your face print, as well as others such as how your swipe the screen, the speed of your typing, voice patterns, your current location and even how you walk. Combined, it gives a cumulative “trust score.”

10Fold – Security Never Sleeps – 93

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hackers appear to have made off with the equivalent of $2 million in digital currencies from Gatecoin, according to a notice posted on the exchange’s website. The cyberattack that knocked hundreds of school networks offline in Japan last week had at least one novel feature: It was allegedly instigated by a student. DMA Locker fixes known flaws and adopts new exploit kit-based distribution model.

Hackers Steal $2 Million From Bitcoin Exchange In Hong Kong, Bounty Offered To Recover Funds – Publication: Forbes – Reporter name: Robert Olson

Gatecoin is an exchange and trading platform for a range of digital currencies. It was cofounded in July 2013 by Menant, a former investment banker with Societe Generale, J.P. Morgan and BNP Paribas . Menant is also a founding member of the Bitcoin Association of Hong Kong, which seeks to foster and promote Bitcoin and its technology. “Criminals understand cryptocurrency better than almost anyone, which probably helps explain some of their success in this area,” Bryce Boland, Chief Technology for Asia Pacific at FireEye, said in an e-mail. “Unfortunately we’re going to see many more of these incidents before things get better.”


Who’s hacking schools now? The students – Publication: CNBC – Reporter name: Harriet Taylor

In the U.S., Rutgers, Arizona State University and the University of Georgia have had denial-of-service attacks in the past year. These attacks are often so effective that they completely overwhelm networks and prevent students, teachers and administrators from being able to log on. This wreaks havoc on large administrations and results in delays, for example, in class registration and final exams.


New DMA Locker ransomware is ramping up for widespread attacks – Publication: CSO – Reporter name: Lucian Constantin

Previous DMA Locker versions did not use a command-and-control server so the RSA private key was either stored locally on the computer and could be recovered by reverse-engineering, or the same public-private key pair was used for an entire campaign. This meant that if someone paid for the private RSA key, that same key would work on multiple computers and could be shared with other victims.


4 Ways to Protect Against the Very Real Threat of Ransomware – Publication: Wired – Reporter name: Kim Zetter

Any company or organization that depends on daily access to critical data—and can’t afford to lose access to it during the time it would take to respond to an attack—should be most worried about ransomware. That means banks, hospitals, Congress, police departments, and airlines and airports should all be on guard. But any large corporation or government agency is also at risk, including critical infrastructure, to a degree. Ransomware, for example, could affect the Windows systems that power and water plants use to monitor and configure operations, says Robert M. Lee, CEO at critical infrastructure security firm Dragos Security. The slightly relieving news is that ransomware, or at least the variants we know about to date, wouldn’t be able to infect the industrial control systems that actually run critical operations.

10Fold – Security Never Sleeps – 92

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Kansas Heart Hospital was hit with a ransomware attack. It paid the ransom, but then attackers tried to extort a second payment. A Critical Elevation of Privilege (EoP) vulnerability in the Qualcomm Secure Execution Environment (QSEE) affects around 60 percent of all Android devices around the world, despite being already fixed, researchers warn. Financial transaction network SWIFT called on its customers Friday to help it end a string of high-profile banking frauds perpetrated using its network. A manhunt is underway for criminals who looted millions from Japan’s cash machines nationwide in an hours-long heist, officials and reports said Monday.

Kansas Heart Hospital hit with ransomware; attackers demand two ransoms – Publication: NetworkWorld – Reporter name: Ms. Smith

Kansas Heart Hospital in Witchita was hit with ransomware last week. The ransomware attack occurred on Wednesday, and the KWCH 12 news video from Friday night said some files were still inaccessible by the hospital. Hospital President Dr. Greg Duick refused to disclose the ransom amount and the ransomware variant. He said, “I’m not at liberty because it’s an ongoing investigation, to say the actual exact amount. A small amount was made.”Yes, the hospital paid the ransom. No, the hackers didn’t decrypt the files—at least it was described as not returning “full access to the files.” Instead, the attackers asked for another ransom. This time the hospital refused to pay because it was no longer “a wise maneuver or strategy.”


Critical Vulnerability Plagues 60% of Android Devices – Publication: SecurityWeek – Reporter name: STAFF

The issue, discovered last year by Gal Beniamini, affects 75 percent of all Android devices powered by a Qualcomm processor, security firm Duo Security claims. According to Duo, around 80 percent of all Android devices have a Qualcomm processor inside, but just 25 percent of users have applied the patch, meaning that 60 percent of devices continue to be vulnerable.


SWIFT asks its customers to help it end a string of high-profile banking frauds – Publication: PCWorld – Reporter name: Peter Sayer

The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of its customers have suffered security breaches in their own infrastructure, allowing attackers to fraudulently authorize transactions and send them over the SWIFT network, it said. SWIFT wants its customers to come forward with information about other fraudulent transfers made using their SWIFT credentials, to help it build a picture of how the attackers are working.


Manhunt After Millions Stolen in Hours-long Japan ATM Heist – Publication: Security Week – Reporter name: STAFF

Armed with fake credit card details from South Africa’s Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated attack earlier this month. The international gang members, reportedly numbering around 100 people, each made a series of withdrawals in less than three hours, Japanese media said. Their haul totaled 1.4 billion yen ($13 million), according to the reports, with machines in Tokyo and Osaka among those targeted. It was not clear how the gang made off with the equivalent of millions of dollars so quickly as the cash machines usually limit withdrawals to 100,000 yen ($910) a day.

10Fold – Security Never Sleeps – 91

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: DNI head James Clapper told a Washington audience Wednesday that the intelligence community is grappling with the “internet of things” — devices and appliances that can be wirelessly connected to the web and can provide access for hackers or foreign spies. Updates released by Cisco for the AsyncOS operating system powering the company’s Web Security Appliance (WSA) address several high severity denial-of-service (DoS) vulnerabilities. Researchers at MIT and Oxford University have shown that the location stamps on just a handful of Twitter posts can be enough to let even a low-tech snooper find out where you live and work. A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated in the same way that the US treats countries that sponsor terror groups.

Clapper: My hearing aids needed security clearance – Publication: CNN – Reporter name: Nicole Gauette

The intelligence community is trying to figure out how it should operate on a wireless basis, Clapper said, in ways that are secure. It’s a particular challenge “in terms of dealing with millennials who are quite used to that,” he added. “We’re trying to come up with a policy on this, some governance that is consistent across the enterprise, that at the same time will allow for latitude for technology to change — because it will,” he said. The country’s top intelligence official said that as the internet of things grows more common, the 10.3 billion end points now in existence are expected to mushroom to 29.5 billion by 2020 in an industry that will be worth $1.7 trillion.


Cisco Patches Serious Flaws in Web Security Appliance – Publication: SecurityWeek – Reporter name: Eduard Kovacs

One of the vulnerabilities (CVE-2016-1380) is caused by the lack of proper input validation for packets in an HTTP POST request. A remote, unauthenticated attacker can cause the appliance to reload by sending it a specially crafted HTTP POST request. The second security hole (CVE-2016-1383) is related to how the operating system handles certain HTTP response code. An unauthenticated attacker can remotely cause a DoS condition by sending a specially crafted HTTP request to the targeted device, causing it to run out of memory.


Got privacy? If you use Twitter or a smartphone, maybe not so much – Publication: CIO – Reporter name: Katherine Noyes

The researchers set out to fill what they consider knowledge gaps within the National Security Agency’s current phone metadata program. Currently, U.S. law gives more privacy protections to call content and makes it easier for government agencies to obtain metadata, in part because policymakers assume that it shouldn’t be possible to infer specific sensitive details about people based on metadata alone. This study, reported in the Proceedings of the National Academy of Sciences, suggests otherwise. Preliminary versions of the work have already played a role in federal surveillance policy debates and have been cited in litigation filings and letters to legislators in both the U.S. and abroad.


Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says – Publication: Dark Reading – Reporter name: Jai Vijayan

Richard Downing, deputy attorney general at the US Department of Justice and one of the witnesses at the hearing, characterized the scope of the ransomware problem as “staggering.” One of his recommendations is for Congress to enact legislation that will close loopholes in existing laws and make it easier for FBI and law enforcement in general to pursue and prosecute those involved in ransomware schemes. Current statutes such as the Computer Fraud and Abuse Act (CFAA) already make it a crime for people to create botnets by breaking into computers or using a botnet to carry out ransomware attacks. But the law is less clear on the implications for people who might be renting or selling a botnet but are not actually using it, he said.