ICS Threat Broadens: Nation-State Hackers No Longer The Only Game In Town

The Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. Here are a few of the headlines you might have missed this week.

ICS Threat Broadens: Nation-State Hackers No Longer The Only Game In Town | Cybereason

The ICS (industrial control systems) responsible for generating, transmitting and metering energy are now being targeted by non-state-sponsored hackers. That assessment is based on data collected from a honeypot Cybereason setup to emulate the power transmission substation of a major electricity provider. In recent years attackers have hacked into the control system of a dam in New York, shut down Ukraine’s power grid and installed malware on the OSes of U.S. companies in the energy, nuclear and water sectors. [Read More]

IT Security Spending to Hit $124B in 2019 | Gartner

Global IT security spending will grow 12.4 percent in 2018 and another 8.7 percent in 2019, according to a new report from Gartner. IT security spending is growing at a healthy 12.4 percent and will continue to expand based on demand generated by concerns of security risks, business needs, and industry changes, according to a new Gartner forecast. Capital purchases are not the only reason for spending: ongoing skills shortages and concerns over regulations such as GDPR are driving organizations to build more relationships with security services to bridge gaps in their capabilities. Gartner estimates that services will represent at least half of security software delivery by 2020. [Read More]

Pacemaker Controllers Still Vulnerable 18 months After Flaws Reported | Naked Security

Medtronic’s CareLink 2090 monitor is still vulnerable to compromise, even though researchers told warned the company more than a year and a half ago. The product is used by doctors to control pacemaker settings. The warning was reiterated at this year’s Def Con by researchers Billy Rios of QED Secure Solutions and Jonathan Butts of WhiteScope. As reported by journalists who attended the demo, the vulnerability that makes it possible for an attacker to run malware on the CareLink 2090 is down to poor software design, primarily that software updates aren’t signed or encrypted. [Read More]

French Banks Says Customers Can Use Face Recognition to Open Accounts | Planet Biometrics

French bank Societe Generale says customers can now open accounts through using biometric facial identification and a dynamic selfie. In a blog post, the bank said that until now, in order to identify new customers in compliance with the rules applicable to banks, the only option was to ask customers to transfer an initial sum of money from an existing account held in their own name with another bank: a requirement that constitutes an obstacle for people opening their first bank account. “Biometric identification means new customers are no longer subject to this condition. Thanks to a facial recognition algorithm, new customers are formally identified by comparing their proof of identity with dynamic selfies taken when they open the account. The authentication process using facial biometrics is ten times more reliable than any human attempt to verify identity. Biometric identification, combined with proof of identity and an online exchange between the customer and the bank, means that new customers are identified in a simple, secure and reliable way: no biometric data is retained. Only the results of the checks performed are stored by Societe Generale.” [Read More]

Trump Revokes Rules On Use of Cyberweapons | Wall Street Journal

President Trump has revoked Obama-era rules establishing a process for deciding about using cyberweapons. Presidential Policy Directive 20 was a classified set of rules mapping out an elaborate interagency process to be followed before U.S. use of cyberattacks. According to the WSJ: “The change was described as an ‘offensive step forward’ by an administration official briefed on the decision, one intended to help support military operations, deter foreign election influence and thwart intellectual property theft by meeting such threats with more forceful responses.” But it’s unclear what policy Trump is enacting in replacement of the 2012 guidelines.  “As designed, the Obama policy required U.S. agencies to gain approval for offensive operations from an array of stakeholders across the federal government, in part to avoid interfering with existing operations such as digital espionage.” Critics say the previous rules handicapped or prevented important operations by involving too many federal agencies in potential attack plans. “But some current and former U.S. officials have expressed concern that removing or replacing the order could sow further uncertainty about what offensive cyber operations are allowed.” [Read More]

Malicious Faxes Can Infiltrate Networks. Malicious Faxes? | Infosecurity

Check Point researchers have been able to exploit vulnerabilities in all-in-one printers via a malicious fax, enabling then to infiltrate corporate networks. The vulnerabilities were discovered in a common implementation of the fax protocol, using HP Officejet all-in-one printers. HP has since released a patch after working with the security firm, but the issue could persist on other machines. “We believe that this security risk should be given special attention by the community, changing the way that modern network architectures treat network printers and fax machines,” the company said in a release. “From now on, a fax machine should be treated as a possible infiltration vector into the corporate network.” [Read More]

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

The Largest Internet Company in Mexico Taps Tec360 and Veridium for Trusted Phishing Resistant Passwordless Authentication and to secure Okta SSO A top provider of

Uncategorized

Veridium The True Passwordless Enterprise

Veridium The True Password-less Enterprise In February 2017 when I joined Veridium as CPO, I recognised and appreciated one of the biggest challenges for Enterprise