Data Privacy Day 2018 – Live From LinkedIn Event Highlights

In honor of Data Privacy Day – an international effort held annually on Jan. 28 to generate awareness about the importance of respecting privacy, safeguarding data and enabling trust – the National Cyber Security Alliance (NCSA) hosted a daylong event streamed live from LinkedIn’s offices in San Francisco, CA, on Thursday, Jan. 25. The event showcased fast-paced, cutting-edge discussions and TED-style talks with leading experts focusing on what businesses and consumers must know about privacy.

The day’s discussions focused on the following privacy hot topics:

  • Looking Into a Crystal Ball: What Your Data Says About You
  • Five Things You Can Do to Manage Your Privacy Now
  • What You Should Know About the Internet of Me and Your Privacy
  • Tracking My Location – Business Uses and Consumer Choices
  • Staying Competitive – Why Privacy Is Good for Your Business
  • The Problem With Your Online Privacy
  • Balancing Act: Privacy and Innovation
  • What’s an Algorithm Got to Do With It?


Missed the event? Check out the full video here – and the full event recap, including photos, here

Tax Identity Theft Awareness Week

Tax Identity Theft Awareness Week is January 29 to February 2, and many
federal agencies are offering information and resources to help consumers learn
to protect themselves from tax-related identity theft and Internal Revenue
Service (IRS) imposter scams.

NCCIC/US-CERT encourages consumers to review IRS publication Taxes.Security.Together. and NCCIC/US-CERT Tip Preventing and Responding to Identity Theft. Users can also participate in a series of free webinars and chats on avoiding tax identity theft, hosted by the Federal Trade Commission, IRS, Department of Veterans Affairs, and others.

Apple Releases Multiple Security Updates

Original release date: January 23, 2018

Apple has released security updates to address vulnerabilities in multiple
products. An attacker could exploit some of these vulnerabilities to take
control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Apple security pages
for the following products and apply the necessary updates:

Save up to 60% on SQL Server 2017 learning resources

SQL Server 2017 gives you the power
to build modern applications using the language of your choice,
on-premises and in the cloud, on Windows, Linux, and Docker containers.
In two new titles from Microsoft Press, explore the concepts and
methodologies of managing SQL Server databases with hands-on practice to
become a more experienced—and more efficient—database administrator.

SPECIAL OFFER: For a limited time, save 50% when you buy either SQL Server 2017 Administration Inside Out or SQL Server 2017 Administration Inside Out (Video). Even better? Add both products to cart and save 60% on your purchase*! Use discount code SQL2017 during checkout to apply discount.
 

PowerShell Core 6.0: Generally Available (GA) and Supported!

PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

From the Microsoft Blog:
 
First and foremost, thank you to all of our amazing community, especially our open-source contributors (the most recent of which you can find on our community dashboard at https://aka.ms/PSGitHubBI) for donating your time and energy to PowerShell Core. Whether you contributed code, tests, documentation, issues, or even just your feedback and opinions, we are extremely grateful for the sweat and tears that you’ve invested in PowerShell. (For those interested in contributing, hop on over to our Contribution Guide on GitHub. You don’t have to be a guru to help out!)

How to disrupt attacks caused by social engineering (copied from Microsoft Secure Blog)

 5: Stages of a phishing attack

  • Phase 1: Threat actor targets employee(s) via phishing campaign
  • Phase 2: An employee opens the attack email which allows the threat
    actor access to load the malicious payload or compromise the user
    identity
  • Phase 3: The workstation is compromised, threat actor persists malware, threat actor gathers credentials
  • Phase 4: Threat actors use stolen credentials to move laterally and
    gain unsolicited access and compromise key infrastructure elements
  • Phase 5: Threat actors exfiltrate PII and other sensitive business data

There is a great article on this topic here

Winter Olympics Targeted in Wake of Russia Ban

Malicious documents have been discovered in the inboxes of several organizations involved in the Winter Olympics in Pyeongchang, South Korea. The initial target of the email was [email protected], but several other organizations also involved with the event were included in the BCC line of the email. The email contained a document titled “Organized by Ministry of Agriculture and Forestry and Pyeongchang Olympics.doc”, written in Korean, which upon opening ran a macro that opened a PowerShell script containing malware. The script was hidden in the document as an image file by using an open source steganography tool. Upon analysis of the PowerShell script, it was determined that the code scheduled certain tasks to run at set times and established an encrypted channel from the victim’s computer to the attacker’s remote server.

As of right now, no perpetrator has been identified, but researchers believe that the attackers’ motive was mainly to gather intelligence about the Olympics and the organizations behind the event. Although there is no confirmed suspect, it is considered suspicious that these attacks occurred in the wake of Russia’s hacks of Olympic emails. A Russian hacking organization associated with the Russian government had hacked and released emails associated with the International Olympic Committee in what is believed to be a response to the Olympic ban Russia was given, which keeps it from participating in the 2018 Olympics taking place in Pyeongchang.


Going by the name Fancy Bear, the hacker group gained fame from attacking the World Anti-Doping Agency back in 2016 in response to their country being banned from the Olympics after several Russian Olympians were discovered to be using banned substances. Fancy Bear posted on its website medical information of non-Russian athletes who were also taking substances, on the pretense that allowing countries to have athletes take prescription medications such as anti-inflammatory medication was a double standard.


The hacks on the Winter Olympics came in the form of phishing campaigns to target very specific people, including Canadian lawyer Richard McLaren and Colorado lawyer Richard Young. Both worked together in investigating Russian cheating techniques. With the Olympics only a month away, more attacks from Russia and other countries with motive to disrupt the games are expected, and the International Olympic Committee is keeping a close eye on possible breaches and attack vectors.


Sources:

https://www.zdnet.com/article/hackers-target-winter-olympics-with-new-custom-built-fileless-malware/


https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/


https://www.buzzfeed.com/kevincollier/russia-banned-from-the-winter-olympics-apparently-is?utm_term=.nia1j99okQ#.jt57IDDBbr

Article was originally posted on CIP report produced by PERATON

Wireless Info System for Emergency Responders (WISER)

This post is a little different than my normal but this is a good tool for Security professionals.



WISER 5.1 is now available on all platforms! Take a quick
look at what’s included in this release:

  • CHEMM (“CHEMM 2.0”) has extensive new and updated
    content, e.g., guidance and reference materials.
  • New Acute Exposure Guideline Levels for airborne
    chemicals (AEGL) data from the EPA
  • Data updates based on the latest Hazardous
    Substances Data Bank (HSDB) content.
  • Android 
    • Upgrades for KitKat. OS 4.4 is now required.
    • Protective distance “point into the wind” feature added
      for devices with a compass.
  • Windows 
    • Completely new installer.
    • Leverages new features of .NET. Version 4.6.1 is
      now required.
  • Fixes to Emergency Response Guide UN searches
    (duplicates now displayed) across all platforms
  • Many smaller updates and bug fixes

 

Tutorial Videos


Check out WISER’s new series of YouTube videos. These
videos introduce WISER’s functionality, walk through a known substance
scenario, and explore WISER’s protective distance mapping feature in detail.
Take a look!



Coming Soon


WebWISER enhancements and WISER 5.2, which adds three
toxic syndromes (toxidromes) and related content to CHEMM’s Intelligent
Syndromes Tool (CHEMM-IST) to all WISER platforms.



Also of Interest

Radiation Emergency Medical Management (REMM) is a great
resource for medical management of radiation events, and contains information for First Responders.
A mobile version is also available on the Apple App Store and the Google Play Store.