IT Security News Blast – 1-6-2021

Bucking Trump, NSA and FBI say Russia was “likely” behind SolarWinds hack
The statement is at odds with tweets from US President Donald Trump disputing the Russian government’s involvement and downplaying the severity of the attack, which compromised the software distribution system of Austin, Texas-based SolarWinds and used it to push a malicious update to almost 20,000 of its customers.
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking
American intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure. [...] JetBrains, which counts 79 of the Fortune 100 companies as customers, is used by developers at 300,000 businesses. One of them is SolarWinds, the company based in Austin, Texas, whose network management software played a central role in allowing hackers into government and private networks.
Attacks on Israeli medical institutions up 25 percent, says Israeli cyber security firm
The data show a 145 percent increase in cyberattacks on the healthcare sector in Central Europe, followed by East Asia (137 percent), South America (112 percent) and North America (37 percent). “Given the global pandemic, the burden on hospitals and even the vaccination campaigns taking place in various medical institutions, it is understandable why this sector particularly has been under attack,” said the report.
After widespread hospital attacks, targeting of health care industry continues to rise
Some regions and countries were hit harder than others, but the numbers underscore the global nature of the increase. Central Europe, East Asia and Latin America all saw attacks against their healthcare facilities more than double, with Europe in total (67%) and North America (37%) seeing significant but substantially smaller increases. By country, the biggest jumps happened in Canada (250%), Germany (220%) and Spain (100%).
Data Analytics Company Settles with FTC Over Alleged Data Security Violations
Ascension, a data analytics company serving the mortgage industry, recently settled with the Federal Trade Commission (FTC) over charges that it violated the Gramm-Leach-Bliley (GLB) Act Safeguards Rule, as well as its own policies, when it neglected to vet the data security practices of a service provider and require the vendor to adequately protect personal information of mortgage holders.
Researchers Disclose Details of FIN7 Hacking Group's Malware
Researchers at Morphisec Labs have published fresh details about a malware variant called JSSLoader that the FIN7 hacking group has used for several years. Although FIN7 is suspected of using JSSLoader during several campaigns, details about the malware have been elusive. During a failed attack in December, however, the Morphisec researchers recovered a version of this remote access Trojan, which is written in the .NET programming language.
Tactics for Effectively Communicating Cybersecurity Risk to Boards of Directors Outlined in New ISACA Paper
Reporting Cybersecurity Risk to the Board of Directors provides cybersecurity and risk professionals with a foundational understanding of how boards of directors are structured, as well as offers guidance around how to present cybersecurity as a business issue, including helping boards understand their legal and regulatory obligations, the potential disruption to systems, and risk of data loss and theft.
Nissan investigating possible source code exposure
Tillie Kottmann, a software engineer, publicized the apparently leaked information earlier this week on Twitter and Telegram. They told CyberScoop the information came via a “severely mismanaged” server that had the username and password of “admin:admin.” “I was informed about the server by an anonymous source but acquired it myself and can thus mostly verify it[.]”
Justice Department also hacked by Russians in the ongoing cyberespionage campaign, officials say
“At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent[.]” The Justice Department joins the departments of Treasury, Commerce, State, Homeland Security and Energy with known breaches, which were carried out by the Russian foreign intelligence service, the SVR, according to U.S. officials who, like others, spoke on the condition of anonymity to discuss an open investigation.
The U.S. Failed to Execute Its Cyberstrategy—and Russia Pounced
Such a colossal failure might reasonably lead observers to second-guess the United States’ long-standing cyberstrategy. But as details of the hacking campaign emerge, they will likely reveal that the failure was not one of strategy but of execution. To address the country’s vulnerabilities now requires not a new grand cyberstrategy but the discipline and resources to implement the current one.
SolarWinds Government Data Breach Leads to Securities Action
The complaint alleges that SolarWinds violated federal securities law by making false and/or misleading statements and failing to disclose material facts regarding SolarWinds’ cybersecurity practices and protocols, which artificially inflated the market price of SolarWinds’ shares. When news of the hack became public, the value of SolarWinds’ securities dropped, thereby producing an economic loss for investors[.] Lead counsel has not yet been designated. After a lead plaintiff is appointed, we can expect an amended complaint to be filed with additional allegations.
NSA shares guidance, tools to mitigate weak encryption protocols
"NSA recommends that only TLS 1.2 or TLS 1.3 be used and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS1.1 not be used." Implementing the measures in NSA's guidance eliminates the false sense of security provided by obsolete encryption protocols by helping block insecure TLS versions, cipher suites, and key exchange methods to properly encrypt network traffic.
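A practical check for the guidance quoted above, added here as an example rather than anything from the NSA or the article: it flags obsolete protocol versions in a constructed nginx `ssl_protocols` directive and builds a Python client context that refuses anything older than TLS 1.2. The sample config text and the function names are assumptions for illustration.

```python
import re
import ssl

# Protocol versions the NSA guidance says must not be used.
OBSOLETE = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Versions the guidance allows.
ALLOWED = {"TLSv1.2", "TLSv1.3"}

# Constructed sample: an nginx server block still permitting legacy protocols.
SAMPLE_NGINX_CONF = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
"""


def audit_ssl_protocols(conf_text):
    """Scan every ssl_protocols directive in an nginx config.

    Returns a list of (obsolete_versions, corrected_directive) tuples,
    one per directive found. The corrected directive keeps only the
    allowed versions already present, or both allowed versions if none were.
    """
    findings = []
    for m in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", conf_text, re.M):
        versions = m.group(1).split()
        bad = [v for v in versions if v in OBSOLETE]
        keep = [v for v in versions if v in ALLOWED] or sorted(ALLOWED)
        findings.append((bad, "ssl_protocols " + " ".join(keep) + ";"))
    return findings


def hardened_client_context():
    """Client-side SSLContext that will not negotiate below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for bad, fix in audit_ssl_protocols(SAMPLE_NGINX_CONF):
        print("obsolete:", bad, "-> use:", fix)
```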
Cyber criminals are taking aim at online gaming for their next big pay day
Compromised credentials up for sale – often only for just a few dollars – include usernames and passwords for all manner of business resources used by employees throughout gaming companies, including admin panels, VPNs, developer environments, client facing resources and more. But in some cases, cyber criminals don't even need to scour underground forums for adverts selling compromised accounts – researchers say there are 500,000 leaked credentials available for free as a result of previous data breaches.
Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw
The vulnerability stems from Zyxel devices containing an undocumented account (called zyfwp) that has an unchangeable password – which can be found in cleartext in the firmware[.] The flaw, which had a CVSS Score of 7.8 out of 10 (making it high severity), could be exploited by attackers to log in with administrative privileges – and ultimately take over affected devices.
Dark Web Forum Activity Surged 44% in Early COVID Months
While the growth can be explained by the increase in people sitting inside with the lack of other things to do, Sixgill security research lead Dov Lerner was surprised by the jump in activity. One site's growth did not hinder another's, a sign that participation on the Dark Web is growing. [...] "Everyone's stuck at home; people are bored and looking for something to do … I would have guessed that the number of [Dark Web] actors would rise as well," he says.
It’s Not the Trump Sex Tape, It’s a RAT
A campaign has been uncovered that labels a malware downloader with the filename “TRUMP_SEX_SCANDAL_Video,” according to a new report from Trustwave researchers. It’s being spread via malicious links in emails. If clicked, the links don’t take the user to a salacious video, but instead install QRAT, providing criminals with total remote access of an infected system.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

© 2020 CI Security. All rights reserved.