CI Security

IT Security News Blast – 11-4-2019

Jobs: Companies struggle to find skilled cybersecurity workers as attacks intensify
“The volume of attacks and sophistication of attacks from around the world continue to increase [...] And so as these activities on the web continue to grow, there continues to be less and less of the qualified people that we need to conquer those attacks.” [...] The survey finds that 65% of organizations report a shortage of cybersecurity staff, and more than a third say that skilled personnel is a top concern. Shearer says talent retention is a continual issue in this tight labor market, and burnout can occur as the number and severity of cyberattacks intensify.
NordVPN users’ passwords exposed in mass credential-stuffing attacks
As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts. In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the email addresses, plain-text passwords, and expiration dates associated with NordVPN user accounts.
ONC Highlights Key Benefits of Security Risk Assessment Tool
Developed in collaboration with the Department of Health and Human Services and the Office for Civil Rights, the tool was updated in October 2018. The updates included an enhanced user interface, modular workflows, custom assessment logic, progress tracker, threats and vulnerabilities rating, and detailed reports. ONC also added business associate and asset tracking, an area that many providers have struggled to keep pace of in the current expansive digital health environment.
Paradise ransomware: Now victims can get their files back for free with this decryption tool
Researchers at cybersecurity company Emsisoft have released a free decryption tool for Paradise – a ransomware sold 'as-a-service' on the dark web which has been locking the networks of victims and holding them for ransom since September 2017. Paradise ransomware is typically delivered inside a malicious zip attachment in phishing emails. Once the user opens the file, the ransomware unpacks itself and encrypts files on the affected computer, adding extensions including ".paradise", ".2ksys19", ".p3rf0rm4", and ".FC".
Keeping up with the evolving ransomware security landscape
They can then tailor the amount of money demanded accordingly, in the knowledge of what the company can, or will, pay. Even inexperienced hackers have the option to create highly damaging attacks, as it’s relatively easy and cheap to purchase customisable ransomware on the dark web. [...] Worryingly, the next stage in the evolution of ransomware attacks could see them beginning to destroy files instead of just encrypting them.
Maritime cyber security, threats, trends, and relevant safeguards
Even more than within other sectors, across the maritime domain’s evolving landscape of real-time connectivity requirements, which provides data in order to optimize maritime operations and customer experience, there are increasing vulnerabilities onboard vessels, potentially leading to ever more disruptive incidents; in what follows, Giuseppe D’Agostino, Associate Cybersecurity & Privacy Partner at PwC, talks about the subject.
NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm
Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse.
Details of Attack on Electric Utility Emerge
For the first time, a malware attack is known to have caused service disruptions of the power grid in three states. The March 5 distributed denial-of-service (DDoS) attack against a Salt Lake City-based renewable energy developer triggered communications outages over the course of 12 hours that affected electric utilities in Utah, Wyoming, and California. The event, triggered by a DDOS attack against sPower — which claims to be the biggest private solar power operator in the United States — temporarily cut grid visibility to roughly 500 megawatts of generating capacity from a dozen solar and wind-power sites.
Finally, a key to the Boardroom for control system cyber security – Moody’s steps up
Because of Moody’s ability to reach the Boardroom, their interest in control system cyber security and its associated risk can be a game changer. According to the Moody’s presentation:
- Cyber event risk is a rising tide
- The financial impact of an attack can lead to weakened credit
- Sectors assessed as high or medium-high risk that use control systems include hospitals, utilities, medical devices, pharmaceuticals, and water/wastewater
Cyber officials tout reforms with one year to Election Day
Democratic House Homeland Security Committee Chairman Bennie Thompson (Miss.), though, warned this week that "in just over a year, voters in many states across the country will vote for president in 2020 on machines that are old, have no paper trail, and are vulnerable to manipulation.” But focus on election security from all levels of government has massively increased in the three years since the 2016 elections, when Russian operatives attempted to interfere in the elections through both hacking and disinformation on social media efforts.
Huawei Soars In Russia As Putin Engages In New ‘Technological War’
A spokesperson for Human Rights Watch warned that Moscow can “directly censor content or even turn Russia’s internet into a closed system—this jeopardizing the right of people in Russia to free speech and freedom of information online.” The mandate for ISPs and telcos to install government hardware is a pretty blunt surveillance backdoor. Ostensibly to provide this domestic cutoff, the tech can clearly perform other functions.
Chinese Hackers Just Gave Us All A Reason To Stop Sending SMS Messages
Now the country’s state-sponsored hackers have demonstrated just how insecure the open SMS technology built into those telcos infrastructures has become. Put simply, if you haven't already shifted to an encrypted platform, now is the time to do so. Such is the vulnerability of SMS messaging, that attackers can monitor for keywords en masse within the network itself. And, as ever, if one attack has shown the way others will be sure to follow.
Emotion recognition and cyber insecurities
Emotion recognition is the latest thing in surveillance, our Shenzhen team discovered, at China's big expo for a burgeoning industry that already offers facial and gait recognition, eye tracking and crowd analysis. [...] Back in the UK, there is concern at getting a proper legal framework in place for the use of live facial recognition. The Information Commissioner's Office, a data protection watchdog, yesterday urged the police to hold back its use in public places, until the government provides new legal guidance for the technology.
The ACCC is suing Google over tracking users. Here’s why it matters
ACCC Chair Rod Sims said Google “collected, kept and used highly sensitive and valuable personal information about consumers’ location without them making an informed choice”. The ACCC alleges that Google breached the Australian Consumer Law (ACL) by misleading its users in the course of 2017 and 2018, including by:

  • not properly disclosing that two different settings needed to be switched off if consumers did not want Google to collect, keep and use their location data
  • not disclosing on those pages that personal location data could be used for a number of purposes unrelated to the consumer’s use of Google services.
Office 365 users targeted with fake voicemail alerts in suspected whaling campaign
The malicious emails take the form of (fake) Microsoft-branded notifications telling recipients of a missed call. They contain an attachment: an HTML file that, when loaded, shows potential victims to a page that:
  • Autoplays a file that sounds like a truncated, recorded voice message
  • Tells them to wait while the entire voice message is downloaded from the server
  • Instructs them to log in to access the message.
Android Keyboard App Could Swindle 40M Users Out of Millions
Once downloaded, researchers said the app makes “suspicious” requests to trigger the purchase of premium digital services in the background – so users are unaware of the activity. Upstream detected 14 million such transaction requests from 110,000 unique devices that downloaded the Ai.type keyboard. If these transactions had not been detected and blocked, the app could have cost victims as much as $18 million, researchers said.
Rudy Giuliani needed Apple genius help to unlock his iPhone after being named Trump cybersecurity adviser
A forgotten password is among the most common missteps in the digital age. But Giuliani’s handling of the situation calls into question his understanding of basic security measures and raises the prospect that, as someone in the president's inner circle, his electronic devices are especially vulnerable to hackers, two former FBI cyber experts told NBC News. “There’s no way he should be going to a commercial location to ask for that assistance,” said E.J. Hilbert, a former FBI agent for cybercrime and terrorism.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast