Pete Recommends – Weekly highlights on cyber security issues April 6, 2019

Subject: TSA pushes on 3D baggage scanning
Source: FCW

Pekoske called computed tomography a “game changer” for airport security, since the scanners will be able to automatically detect explosives and other dangerous items in passengers’ checked bags, as well as provide a three-dimensional image of those items inside carry-on bags.

Passengers eventually won’t need to remove items such as laptops and common containerized liquids from their carry-ons. Those capabilities, said Pekoske, will come online in three to five years as the machines are deployed and software aboard them is upgraded.

Subject: A DNA Company Wants You to Help Catch Criminals
Source: The Atlantic via Route Fifty

Family Tree DNA was criticized for secretly working with the FBI. Now it’s explicitly asking potential customers to help law enforcement.

Give us your DNA. Help catch a criminal. That’s the message of a recent ad from the genetic-testing company Family Tree DNA. The video stars Ed Smart, whose daughter Elizabeth Smart was abducted at age 14, exhorting viewers to upload their DNA profiles to the company’s website.

Not so long ago, DNA-testing companies were known only for their promise to unlock medical secrets or trace family histories. What’s changed is the arrest of the alleged Golden State Killer. Since police tracked down a suspect in the notorious case by uploading crime-scene DNA and finding distant relatives on a genealogy website, the same technique has led to dozens more arrests for rapes and murders. Forensic genealogy has become, if not exactly routine, very much normalized.

Subject: How Saudi Arabia could have hacked Jeff Bezos’ cell phone
Source: Reuters via Business Insider

  • Amazon CEO Jeff Bezos’ personal security consultant Gavin de Becker believes Saudi Arabia had access to Bezos’ phone, according to an op-ed published by de Becker on Saturday in The Daily Beast.
  • While de Becker didn’t say how the Saudis gained access to his phone, the country has been accused in the past of using advanced spyware to track its adversaries.
  • Some of that spyware comes from NSO Group, an Israeli company valued at $1 billion that sells technology that can track texts, emails, calls, apps and location data from “the air without leaving a trace,” according to a New York Times investigation.

A foreign government surveilling a powerful American CEO using advanced technologies? It sounds like the stuff of a spy novel.

But as it turns out, tracking people’s cell phones is a well-established practice, and the technology behind it — known as “lawful intercept spyware” — is a $12 billion industry.

Software can track texts, emails and apps

While de Becker stopped short of asserting how Saudi Arabia accessed Bezos’ phone, his op-ed linked out to a New York Times article on “internet mercenaries” including NSO Group, DarkMatter, and Black Cube — companies which use technological prowess to put advanced spying techniques in the hands of governments around the globe.

The most established is NSO Group, a $1 billion Israeli startup that’s open about its mission to help “government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe.”

Subject: Popup enlarges at the last second so users click on ads instead of ‘Close’ button
Source: ZDNet

If there’s one thing that cyber-criminals are good at, it’s at coming up with new ideas to generate profits in the shadiest and sometimes the most original ways.

Among all criminal groups, the most creative bunch are the ones involved with malvertising (malicious ads). Because of the quick pace at which browser vendors tend to patch reported problems, these groups need to come up with new tricks more often than their colleagues involved with desktop or mobile malware.

Over the past few months, security researchers at Malwarebytes, who study the evolution of malvertising groups and their respective campaigns, have observed a new method that crooks are using to generate profits.

The idea is to lure unsuspecting users onto malicious websites that show an ad inside a popup. Like most popups, a “close” button will be displayed in the popup’s top-right corner.

Topic: Security

Subject: Make Sure You’re Aware Of These Safety Tips When Using Uber And Lyft
Source: KDKA – CBS Pittsburgh

PITTSBURGH (KDKA) — Two incidents involving women trying to get a ride using a ride sharing app have ended tragically in the past week. Police in Massachusetts are investigating the alleged rape of a female passenger and the University of South Carolina is mourning the death of a student who thought she was getting into an Uber.

Although popular ride sharing apps like Uber and Lyft have many built-in safety mechanisms, a Pittsburgh Uber driver says there are still many reasons to proceed with caution.

Not taking a ride with a stranger is practical advice you grow up hearing, but now it’s something many do frequently.

Filed Under: Lyft, Safety, Uber

Subject: Supply Chain Risk Management
Source: NCSC

April Is National Supply Chain Integrity Month

NCSC works with its partners to assess and mitigate the activities of foreign intelligence entities and other adversaries who attempt to compromise the supply chains of our government and industry. These adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals. The cost to our nation comes not only in lost innovation, jobs, and economic advantage, but also in reduced U.S. military strength. During National Supply Chain Integrity Month, NCSC works to raise awareness about supply chain threats, while providing resources to mitigate risks.

Subject: Silicon Valley is Fighting a New Kind of Identity Fraud
Source: Cheddar

A relatively new kind of identity fraud is wreaking havoc with completely fake personas—and Silicon Valley startups are helping banks fight it.

Synthetic fraud occurs when credit applicants create fake identities as “real” people with credit bureaus, take on debt, and then skip out on the repayment. By contrast, victims of traditional identity theft tend to find out that someone is using their personal information by seeing a loan they don’t recognize on their credit report or getting a call from a collections agency.

Because of how lenders and their systems are designed to combat identity fraud involving real identities, synthetic fraud represents a mounting problem. The Federal Trade Commission recently said that synthetic fraud is “the fastest growing” type of identity fraud in the United States.


Subject: Researchers Demonstrate Malware That Can Trick Doctors Into Misdiagnosing Cancer
Source: WaPo via Gizmodo

Hospitals, like the rest of us, are extremely online. The equipment we use, the data it discovers and the critical medical information it deciphers can all be connected to the internet — and if it’s connected, it needs to be carefully secured.

A new report from Kim Zetter outlines the research done by Israeli academics to develop malware that infects CT and MRI scanning machines used to diagnose cancer. The malware can be used to manipulate test results and fool doctors, and in a study, it managed to successfully trick radiologists into misdiagnosing patients.

Posted in: Cybercrime, Cybersecurity, Healthcare, Travel