CI Security

IT Security News Blast – 2-11-2020

Law enforcement is now buying cellphone location data from marketers

Experts told the Journal that these are the “largest known troves of bulk data being deployed by law enforcement in the US.” Venntel, a company that licenses location data and is affiliated with the mobile ad company Gravy Analytics, has received $250,000 in contracts in the past few years from DHS, which operates ICE. Public records show that Venntel has also received a contract from the Drug Enforcement Agency (DEA).


The Government Uses ‘Near Perfect Surveillance’ Data on Americans [Subscription]

Since that data is available for sale, it seems the government believes that no court oversight is necessary. “The federal government has essentially found a workaround by purchasing location data used by marketing firms rather than going to court on a case-by-case basis,” The Journal reported. “Because location data is available through numerous commercial ad exchanges, government lawyers have approved the programs and concluded that the Carpenter ruling doesn’t apply.”


DOJ indicts four members of Chinese military for masterminding 2017 Equifax data breach

The breach, one of the most severe cyberattacks in history, resulted in millions of people freezing their credit scores for fear hackers could sell their social security numbers and other unalterable identifying information and secure lines of credit in their name, and a gigantic class action lawsuit against Equifax for failing to secure the information. The identity of the hackers and the way the data were used has been a massive mystery for the past few years.


FBI Currently Has 1,000 Investigations into Chinese Technology Theft

Wray told the audience that China is targeting everything from agricultural techniques to medical devices in its efforts to get ahead economically. While this is sometimes done legally, such as through company acquisitions, China often takes illegal approaches, including cyber intrusions and corporate espionage, says the FBI. “They’ve shown that they’re willing to steal their way up the economic ladder at our expense,” he said.


Why cybersecurity deserves more attention from hospitals

"I consider the current ransomware attack methods to be the largest threat. They have evolved from enticing people to open corrupt email attachments to active probing of corporate, municipal and healthcare networks," said Indianapolis-based Indiana University Health CISO Mitch Parker. "This has allowed attackers to actively search for and detonate ransomware in critical locations at specific times to cause maximum impact. It's also permitted attackers to exfiltrate data and threaten to publicly publish it," he continued.


German firm finds one million files of Indian patients leaked

“The vulnerability is the complete lack of protection, a PACS system uses the DICOM protocol to communicate. For those systems in India (and found globally), there was no access control in place. That allowed us to access the system… sometimes the understanding of the term 'vulnerability' is a kind of software flaw, which is not the case here. It’s a configuration issue.”


IRS Launches Identity Theft Central Webpage

From this special page, people can get specific information including:

Taxpayer Guide to Identity Theft, including what to do if someone becomes a victim of identity theft

Identity Theft Information for Tax Professionals, including knowing responsibilities under the law

Identity Theft Information for Businesses, including how to recognize the signs of identity theft


Why cyber-risk should take centre stage in financial services

This landscape of a rough neighbourhood coupled with a seemingly underdeveloped security apparatus at the international level poses new challenges of risk management for the financial services sector. A cyber event could trigger a loss of confidence, possibly through compromising the integrity of data on which the flow of finance relies. It could in turn trigger bank runs, liquidity freezes or jumps in market prices.


Norsk Hydro gets more cyber insurance compensation

“The financial impact of the cyberattack is estimated to be around NOK650-750 million (around $70 million – $81 million) for the full year. Hydro has robust cyber insurance in place with recognized insurers. Hydro has recognized NOK187 million (around $20.2 million) insurance compensation in the fourth quarter with the majority reflected in extruded solutions result.”


Pentagon cyber budget is flat in new request

$5.4 billion for cybersecurity. This would cover capabilities to reduce risk to networks, systems and information. Within this request are $678 million for cryptology modernization and next generation platforms, $296.2 million for securing points of information and sharing and $198.5 million for Operationalizing Identity and Credential Access Management (ICAM) modernization. It also includes $67.2 million for operationalizing Comply to Connect (C2C) and Automated Continuous Endpoint Monitoring (ACEM) and $69.8 million for critical infrastructure.


Senate Intelligence Committee releases report on Russian election interference

To combat future problems, the committee recommends the United States take the lead in creating international cyber norms to establish an international agreement on acceptable uses of cyber capabilities. The committee also recommends the Executive Branch prepare for future attacks by developing a range of standing options that can be rapidly executed in the event of a foreign influence campaign. Further, it recommends an integrated response to cyber events, not an isolated domain separate from other geopolitical considerations.


DHS Plans “Urgently” Needed to Secure 2020 U.S. Elections, GAO Warns

CISA has publicly said that it is developing strategic and operations plans with the intention of finalizing them by last month. However, it hasn’t met that goal, its progress hampered by a reorganization that set the target date back to February 14. The plan reportedly includes measures to safeguard the 2020 election against foreign interference, including making the public more aware of the threat, and provide support for political campaigns.


DoD has enduring role in election defense

The Election Security Group's primary objectives are to generate insights on foreign adversaries that lead to improved cyber defenses and to impose costs on countries that seek to interfere. It directly supports partners such as the Department of Homeland Security and the FBI by collecting, declassifying and sharing vital information to enable agencies' efforts in election security.


How Big Companies Spy on Your Emails

The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users' email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users' inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard.


How much privacy are students surrendering to attendance-tracking app?

And while it’s true that students have the right to opt-out of using the app, what’s not completely clear is the ramifications to students who exercise this right. For example, are there institutional disadvantages to exercising this right? And how well is this right understood by students? [...] Finally, while by no means limited to Spotter — or even just student data privacy — a significant question to consider when sharing data with an app is what happens if, or when, the app changes ownership?


Emotet Spreads Via Newly Discovered Wi-Fi Module

The malware will try to brute force its way past the Wi-Fi password, if the network is protected, and then go searching for all non-hidden shares — either brute forcing these users in turn or doing the same for the “administrator” account for the network resource. Once individual user accounts are accessed, it drops the service.exe binary, which installs the Windows Defender System Service to gain persistence.


‘I’m Selling Access To An MSP’: How Three Vendors Teamed To Foil Hacking Plot

“I'm selling access to a MSP,” Britt posted under the name "w0zniak," according to federal case files. “They're located in the U.S., eastern side … I have admin access to the hosting panel, passwords for each client is provided and you'll access them through RDP [Remote Desktop Protocol] … 20 in total, notably several law offices, accounting firms, food industry company, and a pharmaceutical company.” To Hanslovan and Weeks, the message fit perfectly within the roles that they have seen develop in the black market for ransomware in recent years.


Facebook loses control of its own Twitter account in hacker attack – and more news

An otherwise slow Friday afternoon has been spiced up by a hacker crew that managed to temporarily take control of Facebook's official Twitter account. OurMine did not say how it got into the Social Network's Twitter account, but it did take the opportunity to blast Zuck and Co.'s security practices[.]

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
