
IT Security News Blast – 11-9-2020

FBI: Hackers stole source code from US government agencies and private companies

Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public this week on its website. The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.


IOTW: Once Considered Off Limits, A Streak Of Ransomware Attacks Hit The United States Healthcare System

These programs have become increasingly automated and sophisticated. Once inside, the infection spreads quickly and often without detection for weeks or months. From there, data is stolen and/or encrypted and systems are rendered useless until a ransom is paid. Such strategies affect IoT and IoMT devices as well.



Earlier this year, INTERPOL had issued a warning to organizations at the forefront of the global response to the COVID-19 outbreak about ransomware attacks designed to lock them out of their critical systems in an attempt to extort payments. According to the Federal Trade Commission, by mid-August 2020 there had been more than 172,000 fraud reports related to the pandemic itself, at the cost of about US$114.4 million.


Ransomware gangs that steal your data don't always delete it

But Coveware says that these types of attacks have reached a "tipping point" and that more and more incidents are being reported where ransomware gangs aren't keeping their promises. For example, Coveware said it had seen groups using the REvil (Sodinokibi) ransomware approach victims weeks after the victim paid a ransom demand and ask for a second payment using renewed threats to make public the same data that victims thought was deleted weeks before.


62% of Financial Services Firms in the UK have Suffered a Cyber-attack in the Last 12 Months

When asked what had the potential to cause the most damage in their organization, UK CISOs cited cybersecurity weakness in the supply chain (60%), the insider threat – malicious or accidental (46%) and hackers gaining access to core systems (42%). Cybersecurity weakness in the supply chain was the main global challenge identified by our respondents.


UCSF Notifies Individuals Regarding Cybersecurity Incident

On June 1, 2020, UCSF detected a cybersecurity attack that occurred in a limited part of the UCSF School of Medicine’s IT environment. In response to this incident, UCSF immediately launched a thorough internal investigation and notified law enforcement. We also retained a leading cyber-security consultant and other outside experts to assist in our investigation and reinforce our IT systems’ defenses.


Capcom hacked in latest cyber-attack on game-makers

It is the latest in a series of recent high-profile leaks and hacks of companies in the industry. Earlier this week, reports suggested that Ubisoft's game about hacking, Watch Dogs: Legion, may have been hacked, with its source code stolen and reportedly leaked online.


Italian beverage vendor Campari knocked offline after ransomware attack

In a text chat window available to RagnarLocker victims, a Campari representative has not replied to the ransomware gang. The ransom demand is currently set for $15 million. Instead, the Italian company appears to have chosen to restore its encrypted systems rather than pay the ransom demand, according to a short press release published on Tuesday, where Campari said it's working on a "progressive restart in safety conditions."


Where President-elect Joe Biden stands on national security issues

To affordably deter Russia and China, Biden said he would shift investments from “legacy systems that won’t be relevant” to “smart investments in technologies and innovations — including in cyber, space, unmanned systems and artificial intelligence.” He also wants to boost neglected nonmilitary investments, such as “diplomacy, economic power, education, and science and technology.”


Microsoft, Amazon, Cisco, Salesforce alarmed at security incident response takeover by govt

Microsoft, AWS, Telstra, Cisco and Salesforce reacted with alarm at the prospect of direct administrative intervention by Australian authorities to counter cyber security threats against certain customers. [...] The powers are broad: allowing the government to install programs, “access, add, restore, copy, alter or delete data”, alter the “functioning” of hardware or remove it entirely from premises, according to an exposure draft of the bill published today.


Vietnamese Hackers Ran ‘Fake News’ Websites To Target Visitors

This new research shows that government hacking groups are getting more creative in targeting victims, and are willing to run entire websites with the goal of hacking their targets. [...] The sites—some with more than 10,000 articles in them—contained a "profiling framework" designed to track who visited them and deliver malware in some cases.


Better Election Security Preparation Meant No “Russia, Russia, Russia” in 2020 Vote

In January 2017, then-Homeland Security Secretary Jeh Johnson designated election infrastructure to be critical infrastructure. That meant DHS could prioritize its cybersecurity assistance to state and local election officials who request it. The designation also made it easier for the federal government to have full and frank discussions with key stakeholders regarding sensitive vulnerability information.


Windows 10, iOS, Chrome, and many others fall at China's top hacking contest

Fifteen teams of Chinese hackers participated in this year's edition. Contestants had three tries of five minutes each to hack into a selected target with an original exploit. [...] All exploits were reported to the software providers, per contest regulations, modeled after the rules of the more established Pwn2Own hacking competition that has been taking place in the west since the late 2000s.


Police Are Tapping Into Ring Cameras to Expand Surveillance Network In Mississippi

This may come as a surprise to those who remember that just a few months ago, Jackson was the first city in the South to ban police from using facial recognition technology. Amazon’s Ring subsidiary has made numerous successful inroads with police across the U.S., however, and police are continuing to warm up to the technology.


Ransomware attack shutters Brazilian courts. But did attackers breach the virtual machine divide?

The outlet also says that virtual machines were encrypted and deleted, which is explosive as reaching guest VMs suggests a possible compromise of hypervisor security. And hypervisors' big selling point is that they completely isolate guests. An attack that encrypts guests would, theoretically, need to pick them off one by one.


Gitpaste-12 Worm Targets Linux Servers, IoT Devices

The first phase of the attack is the initial system compromise. The malware’s various attack modules include 11 previously-disclosed vulnerabilities. That includes flaws in Apache Struts (CVE-2017-5638), Asus routers (CVE-2013-5948), Webadmin plugin for opendreambox (CVE-2017-14135) and Tenda routers (CVE-2020-10987).


Apple Patches Three Actively Exploited Vulnerabilities

Tracked as CVE-2020-27930, the first of the vulnerabilities resides in the FontParser component and could be exploited for the execution of code via maliciously crafted fonts. This, Apple explains, is a memory corruption issue that was addressed by improving input validation. Residing in the kernel and tracked as CVE-2020-27950, the second vulnerability could result in a malicious application disclosing kernel memory. The third flaw, CVE-2020-27932, could allow an application to execute code with kernel privileges.


You clicked on what?! Shaming among the most effective deterrents for phishing scams

Indeed, security practitioners should aim such information security awareness programs to inform users about intrinsic and extrinsic factors which can influence their behavior. Therefore, employees can be more vigilant to understand how cybersecurity criminals can exploit employee’s perception from different individual/motivational, organizational, and technological perspectives.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
