One Article Review

The article:
Source: SecurityWeek
Identifier: 513761
Publication date: 2018-03-14 18:02:05 (seen: 2018-03-14 18:02:05)
Title: U.S. Energy Firm Fined $2.7 Million Over Data Security Incident
Text:

An energy firm in the United States has been fined $2.7 million over a data security incident that resulted in the exposure of critical cyber assets. The North American Electric Reliability Corporation (NERC) revealed last month that an unnamed power company had agreed to pay the massive penalty and take action to avoid future leaks.

The affected entity has not been named, but the penalty notice published by NERC provides some details about the incident and clarifies that while the energy firm agreed to pay the fine, it neither admitted nor denied violating Critical Infrastructure Protection (CIP) NERC reliability standards.

The incident, which has been assigned a risk rating of “serious,” involved a third-party contractor that improperly copied data from the energy firm to its own network. Despite receiving training, the contractor failed to comply with the company's information protection program. A security researcher discovered that the contractor allowed anyone to access the data without a username or password. According to NERC, more than 30,000 records were exposed, including critical cyber assets (CCAs), IP addresses, and server host names. The information was available online for 70 days.

E&E News, which first reported on the fine, pointed out that one suspect is Pacific Gas and Electric (PG&E), a California-based natural gas and electric utility that exposed a lot of information back in 2016. Researcher Chris Vickery, who at the time worked for MacKeeper, discovered a misconfigured database containing information on 47,000 computers, servers, virtual machines and other devices. PG&E initially said the data was fake, but later admitted that a vendor had exposed its records. Many of the details mentioned in the NERC document match the PG&E incident. Vickery told E&E that PG&E had him delete the data and sign an affidavit, which is exactly what the NERC document describes.

SecurityWeek has reached out to PG&E for comment and will update this article if the company responds.

Following the significant cyberattacks that hit Ukraine a few years ago, the energy sector in the United States has been taking steps to prevent such incidents. The U.S. Energy Department announced recently its intention to invest over $20 million in cybersecurity projects, and the launch of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER)


The article does not appear to have been picked up after its publication.


The article resembles 2 other article(s):
Source: SecurityWeek
Date (GMT): 2018-03-15 17:22:02
Title: (Already seen) CTS Labs Provides Clarifications on AMD Chip Flaws
Description:

As a result of massive backlash from the industry, Israel-based security firm CTS Labs has provided some clarifications about the recently disclosed AMD processor vulnerabilities and its disclosure method.

CTS Labs this week published a report providing a brief description of 13 critical vulnerabilities and backdoors found in EPYC and Ryzen processors from AMD. The flaws can allegedly be exploited for arbitrary code execution, bypassing security features, stealing data, helping malware become resilient against security products, and damaging hardware. The vulnerabilities affect AMD's Secure Processor, an environment where critical tasks are executed in order to secure the storage and processing of sensitive data and applications. The flaws have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA, and exploiting them requires elevated privileges to the targeted machine.

AMD was only notified 24 hours before the vulnerabilities were disclosed, but no technical details have been published in order to prevent exploitation for malicious purposes. CTS Labs was only launched recently and its founders' work experience has raised some questions. This, combined with the lack of technical details in the report has made many people doubt that the vulnerabilities exist or that they are as critical as the company claims. However, Dan Guido, CEO of Trail of Bits, and Alex Ionescu, a reputable researcher and Windows security expert, have confirmed CTS Labs' findings after reviewing technical information provided by the company. Guido was paid to review the work, but Ionescu said he wasn't.

CTS Labs has come under fire for not giving AMD time to release patches before its disclosure. A disclaimer from the firm and a report from a controversial company named Viceroy Research suggest that the existence of the vulnerabilities was made public as part of an investment strategy, similar to the 2016 incident involving MedSec, Muddy Waters and St. Jude Medical.

In response to criticism, CTS Labs CTO Ilia Luk-Zilberman argued that the company's approach to “responsible disclosure” is more beneficial for the public. He proposes that instead of notifying vendors and giving them a certain amount of time to release patches before disclosing full technical details, researchers should notify the public and the vendor at the same time without ever making technical details public, unless the flaws have been patched.

Source: SecurityWeek
Date (GMT): 2018-03-27 05:59:03
Title: (Already seen) Canadian Firm Linked to Cambridge Analytica Exposed Source Code
Tags: Guideline
Description:

Source code belonging to Canada-based digital advertising and software development company AggregateIQ has been found by researchers on an unprotected domain. The exposed files appear to confirm reports of a connection between AggregateIQ and Cambridge Analytica, the controversial firm caught in the recent Facebook data scandal.

On March 20, Chris Vickery of cyber risk company UpGuard stumbled upon an AggregateIQ subdomain hosting source code for the company's tools. The files, stored using a custom version of the code repository GitLab, were accessible simply by providing an email address. The exposed information included the source code of tools designed for organizing information on a large number of individuals, including how they are influenced by ads, and tracking their online activities. The files also contained credentials that may have allowed malicious actors to launch damaging attacks, UpGuard said.

The nature of the exposed code is not surprising considering that the firm is said to have developed tools used in political campaigns around the world, including in the United States and United Kingdom. AggregateIQ has been linked by the press and a whistleblower to Cambridge Analytica, a British political consulting and communications firm said to be involved in the presidential campaigns of Donald Trump and Ted Cruz, and the Brexit “Vote Leave” campaign.

Cambridge Analytica recently came under fire after it was discovered that it had collected information from 50 million Facebook users' profiles and used it to create software designed to predict and influence voters. Facebook has suspended the company's account after news broke, but the social media giant has drawn a lot of criticism, both from customers and authorities.

According to some reports, AggregateIQ was originally launched with the goal of helping Cambridge Analytica and its parent company SCL Group. In a statement published on its website over the weekend, AggregateIQ denied reports that it's part of Cambridge Analytica or SCL. It has also denied signing any contracts with the British firm and being involved in any illegal activity. However, there appears to be some evidence that Cambridge Analytica owns AggregateIQ's intellectual property, and the files discovered by UpGuard also seem to show a connection. For example, two of the AggregateIQ projects whose source code was exposed contained the string “Ripon,” which is the name of Cambridge Analytica's platf