Copy
Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 6-1-2021

Wanted: Millions of cybersecurity pros. Salary: Whatever you want
Critical Insight's Hamilton runs a nonprofit called Public Infrastructure Security Cyber Education Systems, through which students at five universities get hands-on experience by doing security monitoring of real-time data on local government networks, providing a crucial service for small cities and counties that might not otherwise be able to afford it.
https://www.cnn.com/2021/05/28/tech/cybersecurity-labor-shortage/index.html
 
Food giant JBS Foods shuts down production after cyberattack
JBS is currently the world's largest beef and poultry producer and the second-largest global pork producer, with operations in the United States, Australia, Canada, the United Kingdom, and more. [...] "It will depend how long this goes on for, and how long JBS are offline, for it is a supply chain that starts from the farm gate, right through to feed lots, to truck drivers," Littleproud added.
https://www.bleepingcomputer.com/news/security/food-giant-jbs-foods-shuts-down-production-after-cyberattack/
 
IOTW: Irish Healthcare Data for Sale on the Dark Web
The fear now is that scammers unrelated to the HSE attack will buy the data for their own nefarious use. Already, HSE is facing regulatory fines as the result of GDPR and may face lawsuits from victims whose personal data was published online.
https://www.cshub.com/attacks/articles/iotw-irish-healthcare-data-for-sale-on-the-dark-web
 
Attacks On Healthcare Sector Are On The Rise
Medical facilities in California were hit the most, with the number of incidents totaling 49. Texas, with 43 breaches, ranked second in this unsettling rating. The statistic was slightly lower for New York (39 incidents). Florida and Pennsylvania ended up in the same boat, each with 38 documented breaches.
https://www.forbes.com/sites/davidbalaban/2021/05/30/attacks-on-healthcare-sector-are-on-the-rise/?sh=3b7f8a1264c1
 
Securing connected medical devices to protect the future of healthcare
Often, they run on rudimentary operating systems, can be difficult to discover via traditional asset inventory, cannot be scanned via vulnerability management solutions and cannot support corporate endpoint security agents. These devices can be business, IT and cybersecurity blind spots, presenting a major threat for healthcare organisations, and patients alike.
https://www.med-technews.com/medtech-insights/digital-in-healthcare-insights/securing-connected-medical-devices-to-protect-the-future-of-/
 
Interpol intercepts $83 million fighting financial cyber crime
Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
https://www.bleepingcomputer.com/news/security/interpol-intercepts-83-million-fighting-financial-cyber-crime/
 
Firms risk closure as cyber attacks surge, new report warns
According to the Hiscox Cyber Readiness report 2021 some 43 per cent of companies report having been targeted with over a quarter experiencing five assaults or more. One in six businesses attacked (17 percent) also reveal how the financial impact has threatened the company’s future.
https://www.express.co.uk/finance/city/1443403/cyber-attack-firms-security-protection-firms-closure
 
NYDFS Issues Supply Chain Management Guidance
Putting it Into Practice: These NYDFS cybersecurity recommendations highlight for financial services companies the expectations the department has of them with regard to supply-chain risk. Companies would be well-served to review their vendor management practices against these latest recommendations.
https://www.eyeonprivacy.com/2021/05/nydfs-supply-chain-management/
 
As Local Government Cyber Attacks Grow, Network of Colleges Becomes First Line of Defense
Students at Spokane Falls Community College have spotted potential ransomware, malware, and a host of other hostile programs attacking computers at small, city and town governments around Washington. Samantha Schill is one of them. [...] SFCC's program is a part of a non-profit called PISCES, which pairs small Washington state governments with college computer science classes.
https://www.spokanepublicradio.org/post/local-government-cyber-attacks-grow-network-colleges-becomes-first-line-defense#stream/0
 
U.S. government agencies largely fended off latest Russian cyberespionage onslaught: White House
Officials downplayed the assault as “basic phishing” in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups. Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam.
https://www.marketwatch.com/story/u-s-government-agencies-largely-fended-off-latest-russian-cyberespionage-onslaught-white-house-01622480414
 
Nakasone Says U.S. Works to Stay Ahead of Cybersecurity Curve
"Their tactics have evolved far beyond spear phishing and exploitation of weak passwords. Today, our adversaries are targeting and infiltrating our systems by exploiting supply chain and zero-day vulnerabilities, and our adversaries are demonstrating a new risk calculus that has changed the traditional threat landscape."
https://www.defense.gov/Explore/News/Article/Article/2638552/nakasone-says-us-works-to-stay-ahead-of-cybersecurity-curve/
 
Russian group behind SolarWinds spy campaign conduct new cyber attacks
In the latest attack, Microsoft said the group had used USAID’s mass email system, called Constant Contact, to pose as the US international development agency. They sent emails to more than 3,000 accounts at more than 150 government agencies, think-tanks, consultancies and non-governmental organisations.
https://www.ft.com/content/78c3e01e-6d07-4f69-b6ca-08c1b5b8f1f5
 
Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices
In addition, the threat actors were also observed removing web shells, ATRIUM, and SLIGHTPULSE, from dozens of compromised VPN devices between April 17 and April 20 in what the researchers describe as "unusual," suggesting "this action displays an interesting concern for operational security and a sensitivity to publicity."
https://thehackernews.com/2021/05/chinese-cyber-espionage-hackers.html
 
Cyber Insurers Hike Rates But Worry About Pricing Long-Term As Losses Mount: Fitch
“The cyber market faced a reckoning in 2020, as loss experience deteriorated, particularly from an influx of ransomware incidents,’ said Fitch Managing Director James Auden. ‘While cyber premium rates are rising sharply, concerns remain that underwriters can successfully price this business longer term.”
https://www.insurancejournal.com/news/national/2021/05/27/616176.htm
 
Amazon devices will soon automatically share your Internet with neighbors
On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to their bandwidth when you don’t have a connection.
https://arstechnica.com/gadgets/2021/05/amazon-devices-will-soon-automatically-share-your-internet-with-neighbors/
 
Have I Been Pwned teams with FBI, gives open-source access to code
The FBI will provide breached SHA-1 and NTLM-hashed passwords to Have I Been Pwned when they are discovered during investigations. Troy Hunt, founder of Have I Been Pwned, reached out to coders on his blog to help design intake software for the data via the Have I Been Pwned GitHub.
https://www.scmagazine.com/password-management/have-i-been-pwned-teams-with-fbi-gives-open-source-access-to-code/
 
Hackers Exploit Post-COVID Return to Offices
The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. In this step the victim is not prompted to input any credentials. “Instead of simply redirecting [victims] to a login page, this additional step adds more depth to the attack and gives the impression that they are actual documents from within the company,” according to the report.
https://threatpost.com/hackers-exploit-covid-office/166550/
 
Deepfake maps could really mess with your sense of the world
“Imagine a world where a state government, or other actor, can realistically manipulate images to show either nothing there or a different layout,” McKenzie says. “I am not entirely sure what can be done to stop it at this point.”
https://arstechnica.com/gadgets/2021/05/deepfake-maps-could-really-mess-with-your-sense-of-the-world/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


We host NEVER BORING free security awareness training 
 every other Friday.
Register and/or send your colleagues and friends. Let's educate users together! 

Add this Email to Your Address Book





unsubscribe