Cyber Security Training from QA

Cyber Pulse: Edition 22

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


5 July 2018

UK announces creation of London cybercrime court

The UK government has announced the creation of a specialist court to hear cases relating to cybercrime. The deal has been inked between the City of London Corporation and the judiciary and will result in the establishment of an 18-courtroom center, the UK government said on Wednesday. First announced back in October and now given the go-ahead, the court will be built from the ground up at Fleetbank House on Fleet Street. The new center will replace the civil court, Mayor's and City of London County Court, and the City of London Magistrates' Court, which has been described as "aging." A new police station has also been thrown into the deal. The purpose-built court will deal with civil, business, and property cases. "This is a hugely significant step in this project that will give the Square Mile its second iconic courthouse after the Old Bailey," added Catherine McGuinness, Policy Chairman of the City of London Corporation. "I'm particularly pleased that this court will have a focus on the legal issues of the future, such as fraud, economic crime, and cybercrime."

NHS glitch led to 150,000 patients' data accidentally shared against their will

The coding error in a piece of software developed by TPP had gone undetected since 2015. A software glitch has resulted in up to 150,000 NHS patients' data being unwittingly shared against their will, a government minister has disclosed. Due to a coding error in the SystmOne application, made by developer TPP, 150,000 data sharing preferences set between March 2015 and June 2018 in GP practices running the software were not sent to NHS Digital, according to Jackie Doyle-Price, parliamentary under-secretary of state for health. Delivering a statement in parliament on Monday, the minister added the data was used in clinical audit and research settings against the 'Type 2 objections' patients had set - and was shared by NHS Digital between April 2016, when this data-sharing process was enabled, and 26 June 2018. "TPP has apologised unreservedly for its role in this matter and has committed to work with NHS Digital so that errors of this nature do not occur again. This will ensure that patients' wishes on how their data is used are always respected and acted upon," said Doyle-Price. "There is not, and has never been, any risk to patient care as a result of this error. NHS Digital has made the Information Commissioner's Office and the National Data Guardian for Health and Care aware."

Creative keyboard attack allows passwords to be stolen using the heat from your fingers

Security researchers are arguing that passwords represent an increasingly wobbly method of verification, following the discovery of an exploit that can potentially discern a password using the thermal energy residue left on recently pressed keys. As spotted by Bleeping Computer, computer scientists from the University of California, Irvine (UCI), have named the attack Thermanator, and it involves the use of a ‘mid-range thermal camera’ to scan the keys and detect the heat residue left on them. Gene Tsudik, a computer science professor at UCI, observed that an attacker could “capture keys pressed on a normal keyboard, up to one minute after the victim enters them”. He added: “If you type your password and walk or step away, someone can learn a lot about it after-the-fact.” Of course, this is not a trivial exploit to pull off. The attacker needs to have the thermal camera in place with a clear view of the keys, and there’s a time limit as the heat residue fades, as mentioned. But if the attacker moves quickly enough – i.e. within 15 seconds or so – the thermal imprints left are quite strong. If the keys used to type the password are discerned, the attacker can later crunch this data and engage in a dictionary attack (repeatedly trying combinations) to brute force the login in question. The researchers ran laboratory tests, and the paper on the exploit observed that: “Entire sets of key-presses can be recovered by non-expert users as late as 30 seconds after initial password entry, while partial sets can be recovered as late as one minute after entry.”

22-Year-Old Spanish Programmer is Building an Open Source, Secure Alternative to Facebook

Joel Hernández is frank about why he’s trying to launch Openbook, an open source, hyper-secure social network as an alternative to Facebook. The 22-year-old programmer and entrepreneur, who by day works as a security software engineer for Dutch telecoms giant KPN, told Computer Business Review: “We are sleepwalking into a zero privacy world. This may not be abused now, but it will be in future. I’m someone with the capability to fix a small part of that.” Two years ago he had tried to talk a group of friends into the project, amid concerns about the data sharing practices of Facebook and other social media platforms and a perceived lack of privacy. They told him they didn’t think anyone cared enough to make the leap to an alternative that prioritised security and transparency. The route to monetisation sounds more inchoate. The company says: “Openbook will be a marketplace for peer-to-peer transactions of products, services and more”. It won’t run targeted adverts; it will allow users to place them — and take a cut of the fee for doing so, with Openbook emphasising that “transactions made within the platform will benefit from the privacy and security of the ecosystem”. The company also aims to help enterprise customers set up their own “internal, self-hosted and secure social networks” with extra functionality such as project, identity and access management.

Beware blockchain security blindspots, warns RSA

Blockchain is one of those new technologies that companies are embracing without necessarily understanding the security implications of doing so. Globally, businesses are expected to invest $3.1bn in blockchain-based systems in 2018 according to IDC, more than double the figure from the previous year. If these predictions are correct, RSA warns that security teams could be left blind to cyber attack because many traditional SIEM tools are unable to baseline the ‘new normal’ behaviours associated with blockchain and could allow hackers to gain entry to corporate networks. Aleem, global director of RSA’s Advanced Cyber Defence Practice, recommends that organisations take a “business-driven approach” to this new risk to ensure that advancement in one respect does not create risks elsewhere that could hinder long-term progress. In the context of new technologies, this approach involves first evaluating carefully whether the technology solves a real business need or problem and then looking at whether the technology is a good fit with the existing IT environment and how its success and performance can be measured, Aleem told Computer Weekly. “Security is a process, so new technologies have got to be assessed in terms of how they will fit in with the way people within an organisation work and the existing procedures and security technologies in an organisation.”

Password-Guessing Was Used to Hack Gentoo Linux GitHub Account

Maintainers of the Gentoo Linux distribution have now revealed the impact and "root cause" of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages. The hackers not only managed to change the content in compromised repositories but also locked out Gentoo developers from their GitHub organisation. As a result of the incident, the developers were unable to use GitHub for a total of five days. Gentoo developers have revealed that the attackers were able to gain administrative privileges for its GitHub account after guessing the account password. The organisation could have been saved if it had been using two-factor authentication, which requires an additional passcode besides the password in order to gain access to the account. Besides this, Gentoo developers also did not have a backup copy of their GitHub Organization details. What's more, the systemd repo was not mirrored from Gentoo but was stored directly on GitHub. As a result of the incident, the Gentoo Proxy Maintainers Project was impacted, as many proxy maintainer contributors use GitHub to submit pull requests, and all past pull requests were also disconnected from their original commits and closed.

Microsoft recently neutralized a double zero-day exploit

Microsoft provided details on how it collaborated with ESET and Adobe security researchers to find and neutralize a double zero-day exploit before an attacker had a chance to use it. This particular exploit affected both Adobe products (Acrobat and Reader) and Microsoft products (Windows 7 and Windows Server 2008). The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module. The second exploit, which does not affect modern platforms like Windows 10, allows the shellcode to escape the Adobe Reader sandbox and run with elevated privileges from Windows kernel memory.

 


Edited and compiled by

 

James Aguilan


Cyber Security Specialist

James has worked on many high-complexity eDiscovery projects and forensic investigations involving civil litigation, arbitration and criminal investigations for large corporations and international law firms across the UK, US, Europe and Asia. James has assisted on many notable projects, including one of the largest merger and acquisition cases of all time (a deal worth $85 billion), a multijurisdictional money laundering matter for government bodies, and national cyber threat crises including the more recent ransomware, phishing campaigns, and network intrusion. James has comprehensive knowledge of the eDiscovery lifecycle and forensic investigation procedures in both practice and theory, with a deep focus and interest in Forensic Preservation and Collection and Incident Response. In addition, he holds a first class bachelor’s degree in Computer Forensics and is accredited as an ACE FTK certified examiner.