Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-7-2020

CISA: Emotet increasing attacks on US state, local governments

Emotet, a common banking Trojan when it was first spotted in 2014, in recent years has evolved into a botnet that the TA542 threat group (also tracked as Mummy Spider) uses to deliver second stage malware payloads on infected devices. [...] Today's alert is based on information collected by both CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) since Emotet's resurgence in July 2020.


REvil Hackers Place $1 Million of Bitcoin on Public Forum

· REvil, a Russian hacker group, has put about $1 million worth of Bitcoin online.
· The move was part of the group's effort to entice new hackers to their cause.
· McAfee analysis suggests the group is connected to GandCrab, who targeted local government organisations in Texas last year.


UHS says recovery process complete for corporate data centers after cyberattack

"In the meantime, our facilities are using their established back-up processes including offline documentation methods," the statement read. UHS also specified details of the attack, saying that it was caused by malware. Outlets have reported that the incident appears to be consistent with the Ryuk ransomware.


Working together to secure our expanding connected health future

The challenges are interconnected. The solutions cannot be siloed, and collaboration between manufacturers, doctors, healthcare delivery organizations and regulators is more critical now than ever before.

· Device manufacturers: Integrating security into product design
· Healthcare delivery organizations: Prioritizing preparedness and patient education
· Regulators: Connecting a complex marketplace


Types of Cyber Attacks: A Closer Look at Common Threats

In 2020, 80 percent of firms saw an increase in cyber attacks. You need a robust defense mechanism to prevent your sensitive information from getting exposed to unauthorized users. By understanding the different types of cyber attacks and how they are executed, you can identify potential threats and take the required steps to prevent them if a cybersecurity event occurs.


Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance

Of significant concern is that the report highlights a continued, marked decline in compliance sustainability since 2016. Illustrating these findings is a late September news headline detailing how a technology provider failed to adequately protect bank account information. Time and again, consumers have been let down by poor security controls. Why are organizations still failing to protect payment information?


U.S. Government Warns Companies of Legal Risk for Paying Ransom to Cybercriminals

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory (Advisory) warning cyber insurers, financial institutions and other organizations that facilitate ransom payments to cybercriminals that such actions “not only encourage future ransomware payment demands but also may risk violating OFAC regulations.” Cyber insurers are concerned as they have been trying to “curb” exposure to vulnerable customers as costs go up. The important question raised regarding this public advisory is whether victims who are insured will still decide to make payments.


New Research Shows Companies With Strong Cybersecurity Outperform the Market By Up To 7%

Analysis shows that indices composed of well-performing BitSight-rated companies outperform their respective benchmarks by 1% to 2% annually.  For certain sectors, such as U.S. Technology, well-rated companies outperform the benchmark by 7% per year.


Sibos 2020: Women, internal hiring and escape rooms may solve the cyber resource problem

“Cross organisational teams could do things like orderly mock breaches or tabletop exercises together, and even going to escape rooms designed to successfully escape the room by solving security puzzles together. Be creative with how you establish this culture of cross collaboration cross pollination and cross training across the organization.”


US Space Force guards against cybersecurity threats miles above Earth

“We developed and currently sustain 31 satellite GPS constellations,” Thompson said. “Those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. If GPS went down, a Starbucks wouldn’t be able to handle your mobile order, Uber drivers wouldn’t be able to find you, and Domino’s certainly wouldn’t be able to get there in 30 minutes or less.”


US cybersecurity agency urges utilities to increase protections, warns of potential attacks from China

The CISA alert regarding possible state-sponsored attacks is "what the cybersecurity community has been warning about for some time," said Marty Edwards, vice president of operational technology (OT) security for Tenable. COVID-19 has increased the threat, he said, as more employees work from home and the country's reliance on critical infrastructure "has gone into hyperdrive."


Cyber World War: The People’s Republic Of China, Anti-American Espionage, And The Global Cyber Arms Race

The global cyber arms race is in full swing, and American leadership is necessary to ensure the future of freedom of thought and individuality in cyberspace. The alternative is a sharp contrast, centered around the People’s Republic of China’s (PRC) communist censorship and propaganda machine, combined with their allies around the world, intent on securing ultimate power and crushing the United States in the process.


DHS points to Russia as key disinformation threat ahead of election

“Russia is the likely primary covert influence actor and purveyor of disinformation and misinformation within the Homeland,” the agency noted. “We assess that Moscow’s primary objective is to increase its global standing and influence by weakening America—domestically and abroad—through efforts to sow discord, distract, shape public sentiment, and undermine trust in Western democratic institutions and processes.”


Microsoft says Iranian hackers are exploiting the Zerologon vulnerability

Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets. The Iranian attacks were detected by Microsoft's Threat Intelligence Center (MSTIC) and have been going on for at least two weeks, the company said today in a short tweet.


NIST launches privacy tech challenge with a $276,000 payout

The National Institute of Standards and Technology launched a quarter-million dollar privacy technology competition this month aimed at making it more difficult to trace large data sets back to individual users. [...] “We’re focusing on temporal and geographic data: a person being tracked over a period of time, like a police officer,” he said. “But there are huge applications elsewhere. Think about all the cell phone applications that collect data.”


EU’s top court blocks states from gathering user data for surveillance

The ECJ’s legal decision, which applies to the “general and indiscriminate” use of such practices in the absence of a “serious threat”, followed challenges brought by privacy advocates, including the UK’s Privacy International and France’s La Quadrature du Net, arguing against policies that they said violated people’s basic rights.


APT Attack Injects Malware into Windows Error Reporting

WER is the crash-reporting tool of the Microsoft Windows OS, introduced in Windows XP. It’s also included in Windows Mobile versions 5.0 and 6.0. [...] “When victims see WerFault.exe running on their machine, they probably assume that some error happened, while in this case they have actually been targeted in an attack,” Jazi and Segura wrote.


Attacks Aimed at Disrupting the Trickbot Botnet

But the new configuration file pushed on Sept. 22 told all systems infected with Trickbot that their new malware control server had the address, which is a “localhost” address that is not reachable over the public Internet[.] It’s not known how many Trickbot-infected systems received the phony update, but it seems clear this wasn’t just a mistake by Trickbot’s overlords. Intel 471 found that it happened yet again on Oct. 1, suggesting someone with access to the inner workings of the botnet was trying to disrupt its operations.


Cybersecurity Pioneer McAfee Arrested on Tax Evasion Charges

McAfee is accused of failing to file tax returns from 2014 to 2018 and hiding assets that include real estate, a vehicle and a yacht in the name of others, the Justice Department said. An indictment returned in June was unsealed on Tuesday after he was taken into custody in Spain, where he is awaiting extradition, according to the department.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
