Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-12-2021

Ransomware group posts stolen North Carolina county health data online
The first data upload was made Nov. 4 and contained "mostly innocuous" files, Chatham County Manager Dan LaMontagne told the publication. A second data upload in late January, however, contained more sensitive data, which has been viewed more than 30,000 times, according to the ransomware site.
https://www.beckershospitalreview.com/cybersecurity/ransomware-group-posts-stolen-north-carolina-county-health-data-online.html
 
What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?
According to the Fifth Circuit, the HHS ruling on the company’s encryption measures was incorrect. The Security Rule does not address the effectiveness of an encryption mechanism, only that a covered entity must implement an encryption mechanism or adopt an alternative and equivalent method to protect ePHI.
https://www.natlawreview.com/article/what-does-fifth-circuit-s-vacating-hhs-hipaa-fines-mean-companies-year
 
Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector
Rather than just competing with each other, ransomware groups increasingly appear willing to observe and learn from each other and to adapt and apply tactics and extortion methods that have worked for other groups. As one example, O’Connor points to the operators of REvil, one of the most prolific ransomware strains targeting healthcare organizations, openly complimenting and then using the triple extortion tactics used by the operators of DarkSide, another major ransomware threat.
https://www.darkreading.com/attacks-breaches/growing-collaboration-among-criminal-groups-heightens-ransomware-threat-for-healthcare-sector/d/d-id/1340142
 
The most important cybersecurity topics for business executives
Data privacy topped the list at 35%, and this makes sense given regulations like GDPR and CCPA.  In the past, data privacy was handled by legal teams, but with the onset and growth of regulations, CISOs have been asked to operationalize data privacy.  In other words, security teams are responsible for things like data discovery, the introduction of new data security controls, and coordination around technologies for data deletion.
https://www.csoonline.com/article/3605279/the-most-important-cybersecurity-topics-for-business-executives.html#tk.rss_all
 
BC real estate agency sustains unusual ransomware attack
Although an investigation into the attack is still ongoing, Redman believes that the malicious actors responsible for the breach only managed to copy what the director calls “non-personal company data.” This data includes “graphic design stuff that the company does for people.”
https://www.insurancebusinessmag.com/ca/news/cyber/bc-real-estate-agency-sustains-unusual-ransomware-attack-246105.aspx
 
Financial Sector Cyber-Attacks: The Ever-Evolving Threat
One of the most prevalent adversaries in this area is state-sponsored North Korean Lazarus Group. The group, whose aim is to raise revenue for the financially isolated North Korean government, was a pioneer of this more ambitious approach in its fraudulent use of compromised SWIFT access. Other cyber criminals including sophisticated Russian-speaking hackers have followed suit and targeted different internal banking systems in a bid to enable large-scale fraud in other ways.
https://www.globalbankingandfinance.com/financial-sector-cyber-attacks-the-ever-evolving-threat/
 
Federal election agency adopts updated voting security standards. Not everyone is happy.
On the plus side, experts said the guidelines — VVSG 2.0 for short — would promote “software independence,” which translates into machines needing to produce independently verifiable records. The result will be the existence of verifiable paper ballots that election officials can audit after votes are cast.
https://www.cyberscoop.com/eac-vvsg-wireless-vote/
 
U.N. Members Plan New Cyber Group as States Suffer Large-Scale Hacks [Subscription]
European diplomats are pushing to create a long-term United Nations group that would consider how to respond to government-sponsored cyberattacks, while also involving companies in discussions about how to design secure technology. France is spearheading a proposal to establish the group, which would replace U.N. forums on cybersecurity that will end this year. Large-scale cyberattacks such as last year’s SolarWinds hack on companies and government offices in the U.S. underline the need for more international cooperation[.]
https://www.wsj.com/articles/u-n-members-plan-new-cyber-group-as-states-suffer-large-scale-hacks-11613039400
 
Lawmakers concerned CISA lacks ‘centralized visibility’ to hunt agency cyber threats
Several of NSTAC’s recent recommendations to the president — such as accelerating the adoption of cybersecurity guidelines, promoting software and supply chain assurance and a whole of nation approach to ensure leadership in emerging technologies — will find their way into a new national cyber strategy, Neuberger said.
https://federalnewsnetwork.com/cybersecurity/2021/02/lawmakers-concerned-cisa-lacks-centralized-visibility-to-hunt-agency-cyber-threats/
 
Virginia is about to get a major California-style data privacy law
If adopted, the Consumer Data Protection Act would apply to entities of a certain size that do business in Virginia or have users based in Virginia. The bill enjoys broad popular support among state lawmakers; it passed 89-9 in the Virginia House and unanimously (39-0) in the state Senate, and Democratic Gov. Ralph Northam is widely expected to sign it into law without issue in the coming days.
https://arstechnica.com/tech-policy/2021/02/virginia-is-about-to-get-a-major-california-style-data-privacy-law/
 
Apple iOS 14.5 will hide Safari users' IP addresses from Google's Safe Browsing
That means when Safari users visit a website with Safe Browsing active, their IP addresses will be associated with an Apple domain rather than their internet service provider or corporate network. Google would normally have access to this information from those using Safe Browsing-enabled applications, depending on the specific API used, but now won't for mobile Safari users.
https://www.theregister.com/2021/02/12/apple_safe_browing/
 
TEN HACKERS ARRESTED FOR STRING OF SIM-SWAPPING ATTACKS AGAINST CELEBRITIES
The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families. The criminals are believed to have stolen from them over USD 100 million in cryptocurrencies after illegally gaining access to their phones.
https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities
 
A Windows Defender Vulnerability Lurked Undetected for 12 Years
When the driver removes a malicious file, it replaces it with a new, benign one as a sort of placeholder during remediation. But the researchers discovered that the system doesn't specifically verify that new file. As a result, an attacker could insert strategic system links that direct the driver to overwrite the wrong file or even run malicious code.
https://www.wired.com/story/windows-defender-vulnerability-twelve-years/
 
Microsoft urges customers to patch critical Windows TCP/IP bugs
They are all exploitable remotely by unauthenticated attackers and are tracked as CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. Two of them expose unpatched systems to remote code execution (RCE) attacks, while the third one enables attackers to trigger a DoS state, taking down the targeted device.
https://www.bleepingcomputer.com/news/security/microsoft-urges-customers-to-patch-critical-windows-tcp-ip-bugs/
 
Military, Nuclear Entities Under Target By Novel Android Malware
“While SunBird features remote access trojan (RAT) functionality – a malware that can execute commands on an infected device as directed by an attacker – Hornbill is a discreet surveillance tool used to extract a selected set of data of interest to its operator.”
https://threatpost.com/military-nuclear-entities-under-target-by-novel-android-malware/163830/
 
Researchers identify 223 vulnerabilities used in recent ransomware attacks
Researchers from RiskSense have identified as many as 223 distinct IT security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were tied to attacks involving ransomware in 2020. That represents a fourfold increase in the number of ransomware-related vulnerabilities discovered in their last report published in 2019.
https://www.scmagazine.com/home/security-news/ransomware/researchers-identify-223-vulnerabilities-used-in-recent-ransomware-attacks/
 
Mastercard will support cryptocurrencies—but not the ones you think
However, Mastercard says that it's only going to support cryptocurrencies that meet a number of requirements—including stability, privacy, and compliance with money laundering laws. The problem is that few cryptocurrencies meet Mastercard's criteria. Indeed, it's not clear if any of them do.
https://arstechnica.com/tech-policy/2021/02/mastercard-will-support-cryptocurrencies-but-not-the-ones-you-think/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 
