Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 4-1-2021

LinkedIn Live, 0830 PDT – Mike Hamilton’s LinkedIn page.
Jake and Mike do 15 minutes of discussion and analysis on the week of news that made the blast.
DHS to propose 'cyber response and recovery fund' for state and local governments
Mayorkas also said the department will start a series of "sprints" -- targeted DHS efforts -- which include a focus on ransomware, securing industrial control systems, protecting transportation systems, safeguarding election security and advancing international capacity building.
Cl0p ransomware gang leaks sensitive data from 6 US universities
The group began posting the alleged stolen data online on the 29th of March. The universities included the following:

  • The Yeshiva University
  • The Stanford University
  • The University of Miami
  • The University of Maryland
  • The University of Colorado Boulder
  • The University of California, Merced
Iranian credential thieves targeting medical researchers
“TA453 typically concentrates on targeting dissidents, academics, diplomats, and journalists. BadBlood shifted targeting to medical research (genetics, oncology, and neurology) and possibly patient-related information,” she told SC Media via email. Proofpoint has no conclusive sense of what the motivation was for the campaign.
Healthcare firms leaving "thousands of sensitive files open"
  • 2/3 of healthcare organisations have over 500 passwords that never expire  
  • On average, 79% of all data is stale 
  • Nearly 20% of files are open to every employee in healthcare organisations (on average)
  • 31,000 sensitive files (HIPAA + financial + proprietary research) are open to everyone
  • Over 50% of organisations have more than 1,000 sensitive files open to every employee
AG Slatery Announces Multistate Settlement with American Medical Collection Agency
The settlement resolves a multistate investigation into the 2019 data breach that exposed the personal information of over 7 million individuals, including 132,451 Tennesseans. AMCA specialized in small balance medical debt collection primarily for laboratories and medical testing facilities. An unauthorized user gained access to AMCA’s internal system from August 1, 2018 through March 30, 2019. AMCA failed to detect the intrusion, despite warnings from banks that processed its payments.
Sophisticated Attacks Shift Away From FIs in Second Half of 2020: NuData
NuData recorded a four-month spike – 350% higher than the year’s average – in human-driven attacks on high-value accounts within the financial industry. “As the use of bot detection tools becomes more widespread, this tactic is growing in popularity,” the report stated, noting that as an example, cybercriminals “employ human farms who are paid small sums to complete online tasks, such as solving CAPTCHAs, posting reviews or creating new accounts.”
Cyberattacks Pose Credit Risks for Higher Education
“University wealth will continue to mitigate much of the financial harm of a cyberattack, but it highlights the attractiveness of the sector to cyber criminals,” a Moody’s report said. Universities operating large medical centers are also exposed to cyberattacks affecting health care, where attack-related costs are much higher than they are in education.
FS-ISAC Report Finds Cybercriminals and Nation-State Actors Are Converging, Increasing Cross-Border and Supply Chain Attacks
  • Convergence of nation-states and cybercriminals: Nation-state actors are leveraging the skills and tools of cybercriminals, either knowingly or not, to enhance their capabilities.
  • Cross-border attacks will increase: Cybercriminals test their attack in one country before hitting multiple continents and sub-verticals, as shown by a DDoS extortion campaign targeting ~100 financial institutions in months.
The rapidly rising threat keeping global CEOs up at night
Leaders around the world now view cyber security risks as the greatest threat to their organisations over the next three years. The issue has catapulted to first place from fifth place in the span of six months according to KPMG’s latest 2021 CEO Outlook Pulse Survey of 500 CEOs across 11 countries, signalling the escalating concerns over cyber security weaknesses.
To Help Protect Our Elections, NIST Offers Specific Cybersecurity Guidelines
Written in everyday language, the Draft Cybersecurity Framework Election Infrastructure Profile (NISTIR 8310) draws upon the experience of election stakeholders and cybersecurity experts from across the country, offering an approach for securing all elements of election technology. “This is the first time we have looked at the entire election infrastructure and put together a cybersecurity playbook.”
Expected breach disclosure mandates will test government-industry cooperation
Like governments, major corporations have their networks pinged by hostile actors thousands of times a day, even if none are successful. Companies don't want to be on the hook for reporting to the government every time a phishing message is intercepted or every time a hacker is probing network defense.
Spotting State-Sponsored Cyberattacks
The big differentiator of state-sponsored breaches is not the attackers’ personnel or methods but their motivations. While organized cybercrime attackers typically go after targets they think will generate income, Monahan says, “state-sponsored threat actors are geared toward actions that benefit the ‘state.’ To further the state’s agenda, they seek control over infrastructure and other vital systems and information used by another country’s military organizations, energy providers, or government agencies.”
Specifically, the first two principles of intelligence Rovner identifies, a race to collect information in ways that improve one’s position, which is effectively espionage, should be in one group. The second two, undermining the morale of, and sabotaging, one’s rivals, which is effectively covert action, belong in another. (The fifth — prepositioning assets in the event of hostilities — is somewhat distinct from the others.) Disaggregating the intelligence contest in this way has significant implications for policy.
US to publish details on suspected Russian hacking tools used in SolarWinds espionage
The “malware analysis report” from U.S. Cyber Command and the Department of Homeland Security, which CyberScoop obtained, spotlights 18 pieces of malicious code allegedly used by Russian hackers, who exploited software made by the federal contractor SolarWinds and other vendors on their way to infiltrating nine U.S. government agencies and 100 companies.
Privacy Bill Essentials: Colorado Privacy Act
Those rights include:
  • Opting out of personal data processing;
  • Accessing the consumer's personal data and confirming whether a controller is processing such data;
  • Correcting inaccurate data;
  • Deleting personal data; and
  • Transferring a consumer's data upon accessing the data to the extent feasible, no more than twice per year.
Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out
The research, entitled Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google (PDF), also found that Google collects up to 20 times more data from its Android Pixel users compared to the amount of data that Apple collects from iOS users.
Ubiquiti breach puts countless cloud-based devices at risk of takeover
Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
Pair accused of turning photos into vids to crack tax dept facial recognition system in China
According to state-controlled outlet Xinhua, the suspects tricked the State Taxation Administration platform’s identity verification system by manipulating high-def photos with a widely available app that turns photos into videos. [...] Once logged in, the pair issued fake invoices on behalf of a shell company, and presumably hoped they'd be paid, the prosecutor alleged.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
