Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-23-2021

Chinese hackers cloned attack tool belonging to NSA’s Equation Group
Originally, it was thought that a tool created to exploit CVE-2017-0005 was the work of a Chinese advanced persistent threat group (APT) dubbed APT31, also known as Zirconium. However, Check Point now says that the tool, called Jian, was actually a clone of software used by Equation Group and was being actively utilized between 2014 and 2017 -- years before the vulnerability was patched -- and was not a custom build by the Chinese threat actors.
Underwriters Laboratories (UL) certification giant hit by ransomware
UL is the largest and oldest safety certification company in the United States, with 14,000 employees and offices in over 40 countries. [...] It is unknown what ransomware operation conducted the attack and whether they stole unencrypted files. As most enterprise-targeting ransomware operations steal unencrypted files to be used in a double-extortion strategy, the ransomware gang likely stole data during the attack.
Healthcare Data Breaches Halved in January
While December 2020 saw 62 such incidents recorded, only 32 were recorded in January 2021. The 32 breaches occurred across 18 states. Florida, where six of the breaches took place, was the worst affected state. The journal noted: "While this is well below the average number of data breaches reported each month over the past 12 months (38), it is still more than 1 data breach per day."
Data breach at Fred Meyer, QFC and other pharmacies might have exposed personal information
Affected patient information might include: certain names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers, information to process insurance claims, prescription information such as prescription number, prescribing doctor, medication names and dates, medical history, as well as certain clinical services.
Scoop: Sequoia Capital says it was hacked
Sequoia's investors, known as limited partners, include university endowments, tech executives and charitable foundations.
Sequoia told investors that it's been monitoring the dark web, and has not yet seen any indication that compromised information is being traded or otherwise exploited.
NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
The Alert contains additional information on detecting data theft and states that all regulated entities that use Instant Quote Websites immediately should review (1) data analytics and website traffic metrics for spikes of quote requests and (2) server logs for evidence of unauthorized access to NPI to determine whether their sites have been hacked.
Local, State and Federal Prosecutors Launch Georgia Cyber Fraud Task Force
According to global reporting compiled from multiple law enforcement and financial partners, businesses lost at least $26 billion to BEC scams between 2016 and 2019. Based on the most recent FBI IC3 report, losses from BEC attacks grew another 6 percent in 2020—accounting for 45 percent of all cybercrime losses over the course of the year.
Mayorkas Sets Out Steps to Elevate Cybersecurity
This week, Secretary Mayorkas will increase the required minimum spend on cybersecurity through FEMA grant awards. To accelerate critical improvements in state and local cybersecurity, CISA will urgently evaluate and implement additional capabilities including potential new grant programs that will enable critical security investments.
State-Sponsored Cyberattacks: A Major Threat to Businesses, Study Finds
In further detail, the key study findings are:

  • State-led and -sponsored cyberattacks are a source of major concern for private organizations
  • Companies expect cyber threats from nation-state actors to increase in the next five years and will be second only to that of organized crime
  • There is a false sense of security
  • Increased corporate investment in cybersecurity is crucial but government action, nationally and internationally, is needed
Hundreds of foreign cyber-attack units are targeting US and Israel, says former IDF intel officer
“Attacking is very cheap. Security is very costly. The hackers have no rules. Security has so many rules and regulations. It’s like trying to guard a balloon with bare hands and the hackers have a pin, only needing to get it through the defender’s fingers once to blow up the balloon.”
Ukraine accuses Russian networks of new massive cyber attacks
Ukraine on Monday accused unnamed Russian internet networks of massive attacks on Ukrainian security and defence websites, but gave no details of any damage done and did not say who it believed was behind the assault. Kyiv has previously accused Moscow of orchestrating large cyber attacks as part of a “hybrid war” against Ukraine, which Russia denies.
Allegations of planted evidence raise questions about hacking ecosystem in India
Wilson is accused of being a member of the banned Maoist party, plotting to use its funds to undermine the government and plotting to kill the prime minister. The documents in question were made in a version of Microsoft Word that Wilson’s computer didn’t have, according to the report. Wilson has long maintained that he did not participate in the demonstration and that he never engaged with the documents in question.
Clubhouse Chats Are Breached, Raising Concerns Over Security
An unidentified user was able to stream Clubhouse audio feeds this weekend from “multiple rooms” into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the company says it’s “permanently banned” that particular user and installed new “safeguards” to prevent a repeat, researchers contend the platform may not be in a position to make such promises.
Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks
"It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder," a source who develops exploits for government customers told Motherboard, referring to "sandboxes" which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system.
‘Think about problems in a different way’: Inside the Bank of America CISO’s neurodiversity push
People who are neurodiverse, they often do a better job with pattern recognition than people who aren’t. And so there are lots of jobs in cybersecurity that require pattern recognition… positions where you’re going out and looking for adversaries that may exist inside of your environment.
Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
Multiple Accellion FTA customers, including the Jones Day Law Firm, Kroger and Singtel, have all been attacked by the group, receiving extortion emails threatening to publish stolen data on the “CL0P^_- LEAKS” .onion website, according to an investigation from Accellion and FireEye Mandiant.
Researcher Reports Vulnerability in Apple iCloud Domain
To exploit this vulnerability, an attacker would have to create new content in either Pages or Keynote and enter their XSS payload into the name field. They would have to save this and send it to, or collaborate with, another user. The attacker would then need to make some changes to the content, resave it, and then go to Settings > Browse All Versions.
Apple acts to prevent further spread of Silver Sparrow Mac malware
Apple has reportedly told MacRumors that it is taking several steps to prevent further spread of the Silver Sparrow malware. The company has revoked the certificates of the developer accounts used to sign the packages, which prevents the attackers from infecting any additional Mac users.
Take-Two DMCA takes down reverse-engineered GTA source code
A Github project that generated reverse-engineered code for Grand Theft Auto III and Vice City was taken down over the weekend as the result of a Digital Millennium Copyright Act request from publisher Take-Two. The project—comprising hundreds of thousands of lines of C++ code generated over years of painstaking analysis—did not distribute any of the copyrighted image or music files needed to recompile the game.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337