
IT Security News Blast – 10-9-2020

Microsoft Azure Flaws Open Admin Servers to Takeover

Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations. Researchers found two vulnerabilities in the cloud service that specifically affect Linux servers. “The two vulnerabilities we found allow us to combine them and enable any attacker with the ability to forge POST requests (SSRF) or [remote] code execution on an Azure App Service to take over the Azure App Service administration server[.]”


New HEH botnet can wipe routers and IoT devices

If the device uses default or easy-to-guess Telnet credentials, the botnet gains access to the system, where it immediately downloads one of seven binaries that install the HEH malware. [...] The only features present are a function that ensnares infected devices and coerces them to perform Telnet brute-force attacks across the internet to help amplify the botnet; a feature that lets attackers run Shell commands on the infected device; and a variation of this second feature that executes a list of predefined Shell operations that wipe all the device's partitions.


2020 COVID-19 Case Study - A Look at Increased Cybersecurity Risk Across the Healthcare Industry

This crisis has highlighted serious gaps in cybersecurity measures undertaken by many healthcare organizations. Criminals will continue to exploit these once the pandemic has abated. Hospitals and providers will need to invest in stronger post-COVID cybersecurity strategies to prevent these attacks in the future.


Ryuk Ransomware Attack Disrupts Universal Healthcare Services Operations Resulting in Ambulance Diversions and Alleged Deaths

One Reddit user claimed that four patients died because of delayed medical assistance arising from the Ryuk ransomware attack. The Redditor claimed that the healthcare facility was sending patients to smaller hospitals in ambulances, while test results were delivered by courier services. Other UHS employees said that healthcare services were likely to be disrupted despite the assurances given by the hospital’s management.


DHS CISA Shares Best Practice Ransomware Guide, Telework Toolkit

The guide contains step-by-step techniques to harden defenses and general best practices, as well as a checklist for responding to a suspected ransomware attack. Organizations can also find contact information for federal asset response. Healthcare entities can also review ransomware guidance from Microsoft, NIST, and the Office for Civil Rights to better understand the disruptive threat, as recent reports show healthcare remains the prime target for hackers.


Boards Increase Investment in Cybersecurity in Face of Threats and Regulatory Fines

According to research by Thycotic surveying 908 senior IT security decision makers working within organizations with more than 500 employees, 58% plan to add more security budget in the next 12 months. Amid growing cyber threats and rising risks through the COVID crisis, CISOs report that boards are listening and stepping up with increased budget for cybersecurity, with 91% agreeing that their board adequately supports them with investment.


Cybersecurity 2.0

Research recently released by Emsi, the labor analytics experts, includes a sobering conclusion that the United States has less than half of the skilled cybersecurity workers it needs to keep up with burgeoning demand from the red-hot cybersecurity sector, which has created more than 1 million new jobs, ever-intensifying demand. For every 100 job openings in the cybersecurity field, there are only 48 qualified applicants, Emsi reports.


Getting your remote employees cyber-secure at home

[If] staff are using work devices, they need to be able to adhere to security policies and be clear on the bounds of permitted use. In the future, businesses must make specific provision for the cyber-security of home workers, if they are to minimise any potential threats or vulnerabilities.


Maj. Gen. Crider: Pentagon Will Reassign 1K+ Enlisted Personnel to US Space Force Cybersecurity Team

Space Force is planning to transfer 130 cyber officers, and 1,000 enlisted personnel into the Space Force for cyber work in Fiscal Year 2021. The staff will be organic to the Space Force and focus on defensive operations for space. Crider said these personnel have been supporting this mission within the U.S. Air Force, and will now be moved into the Space Force.


Nations, Services Must Communicate To Collaborate

Over the past year—minus delays due to the pandemic—the military has actively pursued and tested its concept to connect every sensor and data feed to a tactical network. This capability would enable all warfighting options—from kinetic to nonkinetic—across the sea, air, land, space and cyber by all of the services, including Space Force. Tools that enable multidomain operations across several nations must be based on open architecture and common standards.


Waterbear malware used in attack wave against government agencies

Researchers have spotted a fresh Waterbear campaign in which Taiwanese government agencies have been targeted in sophisticated attacks. [...] Waterbear has previously been associated with BlackTech, an advanced cyberattack group that generally attacks technology companies and government entities across Taiwan, Japan, and Hong Kong.


Election 2020: Are the nation’s voting systems secure?

After the 2016 interference, state election officials complained that they were not alerted until nearly a year later that Russians had conducted extensive scanning of election systems, specifically targeting voter registration systems. [...] Communication is vastly improved heading into November, though the threat is unchanged. U.S. intelligence chiefs continue to warn Russia, China and others could interfere in the presidential election beyond so-called “information operations.”


Facebook, Twitter dismantle global array of disinformation networks

After coming under heavy fire for failing to stop alleged Russian efforts to sway the 2016 U.S. election, Facebook and Twitter have announced a string of high-profile takedowns in the weeks leading up to this year’s presidential vote. In multiple cases, the social media companies have worked with U.S. law enforcement to track and dismantle political influence campaigns targeting U.S. voters which have been attributed to foreign states, most notably Iran and Russia.


This stealthy hacker-for-hire group is using phishing, malicious apps and zero-day attacks against its victims

"The sophistication and sheer scope of malicious activity that our team was able to link to Bahamut is staggering," said Eric Milam, VP of research operations at BlackBerry. "Not only is the group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that Bahamut is behind a number of extremely targeted and elaborate phishing and credential harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic AV evasion tactics, and more."


More scoring, less boring: How companies can gamify security training

“Interactivity is critical for fostering engagement,” said Bradley Hayes, chief technology officer at Circadence. “Any kind of material that doesn’t include an active participatory element is at risk of resulting in low engagement, low recall and a perception of low value or a waste of time. Especially with remote instruction and remote training being the new norm, it’s essential that exercises and lessons be designed with interactivity and maximizing engagement as a priority.”


MontysThree APT Takes Unusual Aim at Industrial Targets

That’s according to researchers from Kaspersky, who noted that the group uses a variety of techniques to evade detection, including using public cloud services for command-and-control (C2) communications, and hiding its main malicious espionage module using steganography. Spy attacks on industrial holdings are far more unusual than campaigns against diplomats and other nation-state targets, according to the firm.


FBI Issues Warning of Using Hotel WiFi if Teleworking from Hotel

As a result of the increase in the use of hotel rooms for work purposes, the FBI is warning consumers about using hotel WiFi to conduct their work. According to the FBI’s announcement, “[M]alicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests.”


U.S. Special Operations Forces Are Getting Ready for War with Russia or China

While the SOF operator fast-roping isn’t likely going away anytime soon, the roles could be greatly expanded—with a team that includes hackers and those with language and thinking skills, and perhaps even accompanied by automated drone combat sidekicks. In other words, SOF could almost resemble an “Ocean’s 11” style team.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.
