Copy
CI Security

IT Security News Blast – 2-10-2020

Which vulnerabilities were most exploited by cybercriminals in 2019?

Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019. The list is comprised of two vulnerabilities in Adobe Flash Player, four vulnerabilities affecting Microsoft’s Internet Explorer browser, three MS Office flaws and one WinRAR bug[.]

https://www.helpnetsecurity.com/2020/02/06/most-exploited-vulnerabilities-2019/

 

Powerful Cyber Attack Takes Down 25% Of Iranian Internet

In a NetBlocks report, the DEZHFA activation is said to have been implemented in order to "repel a cyber-attack on the country’s infrastructure." With both fixed-line and mobile network providers impacted, it was seven hours before normal internet connectivity was resumed. A spokesperson for Iran's Telecommunication Infrastructure Company, affiliated to the ministry of ICT and Iran's sole provider of telecommunications infrastructure, Sadjad Bonabi, tweeted that a "distributed denial of service attack" (DDoS) had been "normalized" with the "intervention of the Dzhafa Shield."

https://www.forbes.com/sites/daveywinder/2020/02/09/powerful-iran-cyber-attack-takes-down-25-of-national-internet/#2b70a31620dc

 

Why is the healthcare industry still so bad at cybersecurity?

It’s a problem that Dr. Suzanne Schwartz, associate director for science and strategic partnerships in the Food and Drug Administration (FDA)’s Center for Devices and Radiological Health, says is the organization’s biggest challenge. How can medical professionals bring in patients and providers who need to be aware of and participate in cybersecurity-related discussions across the industry? It’s why the FDA convened a public meeting of its patient engagement advisory committee meeting last fall to specifically discuss medical device cybersecurity.

https://arstechnica.com/information-technology/2020/02/why-is-the-healthcare-industry-still-so-bad-at-cybersecurity/

 

Why cybersecurity deserves more attention from hospitals

Not all hospitals and medical centers, particularly small, independent hospitals, however, have the budgets to allocate a significant amount of money toward cybersecurity efforts. Rather, they rely on training employees and outside vendors to keep patient data and connected devices secure. [...] Lenny Levy, the former interim CISO of Renton, Wash.-based Providence St. Joseph Health and interim CISO for a large children's hospital is among the hospital leaders emphasizing the importance of quality care and patient safety when it comes to cybersecurity efforts.

https://www.beckershospitalreview.com/cybersecurity/why-cybersecurity-deserves-more-attention-from-hospitals.html

 

Metamofo banking malware spreads around the world

Fortinet’s FortGuard Labs captured an example of the newest edition noting that unlike its predecessor, which only aimed at Brazilian banks, this model is hitting financial institutions across a wide swath of the globe. These include 20 financial institutions in multiple countries, including the U.S., Canada, Peru, Chile, Spain, Brazil, Ecuador, Mexico, and others. [...] In both cases an MSI file, an installer package file format used by Windows, is being spread through a ZIP archive and the MSI file is parsed and executed automatically by MsiExec.exe[.] Contained in the payload is a small amount of JavaScript, hidden amongst a great deal of fake JavaScript that is put in just to obfuscate the dangerous code.

https://www.scmagazine.com/home/security-news/malware/metamofo-banking-malware-spreads-around-the-world/

 

Mastercard: Why A Truly Connected Economy Needs A New Security Paradigm

Once everything is connected, and either directly wired into payments or sitting directly adjacent to something that is in the network, the responsibility of the ecosystem is to make sure what is chosen is stable and secure before it is enabled on a network. “There are layers of security and tokens to protect data and all of the advances of the last several years that are effective,” Gerber said. “It isn’t all chaos out there.”

https://www.pymnts.com/internet-of-things/2020/why-truly-connected-economy-needs-standards-new-security-paradigm/

 

$645 Billion Cyber Risk Could Trigger Liquidity Crisis, ECB’s Lagarde Warns

"History shows that liquidity crises can quickly become systemic crises,” Lagarde said, adding, "The ECB is well aware that it has a duty to be prepared and to act pre-emptively." Referring to a European Systemic Risk Board (ESRB) report that estimates the global cost of cyber-attacks at anything up to $654 billion (£507 billion), Lagarde said that "As an operator of critical infrastructures, the ECB obviously takes such threats very seriously."

https://www.forbes.com/sites/daveywinder/2020/02/08/645-billion-cyber-risk-could-trigger-liquidity-crisis-ecbs-lagarde-warns/#34cbbeee7ca8

 

Damages from cybercrime set to hit $6trln per year: Grant Thornton

A recent report by the Ponemon Institute said the Middle East region ranks as the world’s second-highest cost of data breaches, at $6 million for each incident. Half of the cyber attacks in the region target the oil & gas sector. According to Grant Thornton, the region is expected to spend $1.7 billion on information security and risk management in 2020; nearly 11 percent increase from 2019.

https://www.zawya.com/mena/en/business/story/Damages_from_cybercrime_set_to_hit_6trln_per_year_Grant_Thornton-ZAWYA20200209051349/

 

Iran regime ratchets up cyberattacks in wake of Soleimani’s death

In a case of escalation between Iran and the West, Iran will likely aim to launch a cyberattack against critical infrastructures in the United States and its allies, (targeting) energy infrastructure, financial institutions, and transportation systems.” This is not the first time that the Iranian regime has been engaged in such extreme activities, targeting innocent and vulnerable people and organizations. In 2016, the US Justice Department indicted seven Iranian citizens for distributed denial of service attacks against 46 companies mainly in the banking and financial sectors.

https://www.arabnews.com/node/1625186

 

Britain should focus more on Russian cyber attacks and fake news than major conflict, a think tank warns ahead of Defence review. [Subscription]

The government’s forthcoming ‘Integrated’ defence, security and foreign policy review should focus on the national interest to make sense of the “brew of complex and interrelated problems”, the Royal United Services Institute has said in a new report. The return to state-based competition has seen Russia use unconventional tactics to attack the West, the report claims. Given the “stalemate” in conventional military forces with Nato, Russia has increasingly relied on fake news, cyber attacks, subversion and intellectual property theft to undermine opponents, threats that are harder to counter[.]

https://www.telegraph.co.uk/news/2020/02/09/britain-should-focus-russian-cyber-attacks-fake-news-major-conflict/

 

Hackers Working For Turkey’s Interests Believed To Be Behind Recent Cyber Attacks

In 2018, the social media accounts of various reporters and journalists from organizations such as Bloomberg and the New York Times were targeted by a pro-government hacking group known as Ayyildiz Tim. The individuals targeted were all noted for having been outspoken critics of Turkey’s foreign policy and of its prime minister, Recep Tayyip Erdowan. However, the recent cyber attack has a more disturbing implication, as its timing coincides perfectly with recent tensions in the Mediterranean and the Middle East.

https://theowp.org/hackers-working-for-turkeys-interests-believed-to-be-behind-recent-cyber-attacks/

 

CCPA and GDPR: The Data Center Pitfalls of the 'Right to be Forgotten'

For the most part, these laws are designed to protect individual consumers’ privacy. Both the California Consumer Privacy Act (CCPA) and Europe's General Data Protection Regulation (GDPR) include the "right to be forgotten." It entitles every consumer to request that a company delete all the information it has collected about them, with a few exceptions, such as cases where the data needs to be retained to comply with other requirements.

https://www.darkreading.com/operations/ccpa-and-gdpr-the-data-center-pitfalls-of-the-right-to-be-forgotten/d/d-id/1337001

 

California’s new privacy law is off to a rocky start

Many of the tech giants that kicked and screamed in resistance to the new law have acquiesced and accepted their fate — at least until something different comes along. The California tech scene had more than a year to prepare, but some have made it downright difficult and — ironically — more invasive in some cases for users to exercise their rights, largely because every company has a different interpretation of what compliance should look like.

https://techcrunch.com/2020/02/08/ccpa-privacy-law-rocky-start/

 

Apple Just Gave Millions Of Users A Reason Keep Their iPhones

Picked up by 9to5Mac, Apple accidentally left code in its newly released iOS 13.4 beta for ‘CarKey’, an unannounced all-new service which has the potential to transform the automotive landscape by enabling iPhone and Apple Watch owners to use their devices as digital car keys. Strings of code inside iOS 13.4 explain that CarKey will work just like Apple Pay with a user authenticating via biometrics then holding their iPhone / Apple Watch to a reader in the car.

https://www.forbes.com/sites/gordonkelly/2020/02/07/apple-iphone-2020-ios-134-carkey-upgrade-iphone-11-pro-max-update/#7eb686f25fc1

 

Ransomware installs Gigabyte driver to kill antivirus products

A ransomware gang is installing vulnerable GIGABYTE drivers on computers it wants to infect. The purpose of these drivers is to allow the hackers to disable security products so their ransomware strain can encrypt files without being detected or stopped. This new novel technique has been spotted in two ransomware incidents so far, according to UK cybersecurity firm Sophos.

https://www.zdnet.com/article/ransomware-installs-gigabyte-driver-to-kill-antivirus-products/

 

Iowa vote tally app debacle should inform security, tech in future elections

There was “insufficient time to test the code functionality, let alone thoroughly evaluate its structural integrity before it was hit with live field conditions and loads,” said Bill Curtis, senior vice president and chief scientist at CAST Research Labs, who pointed out that the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) will vet election technology for free. “But they were not contacted and would not have had time to complete their evaluation before the app went live (or on life support).”

https://www.scmagazine.com/home/security-news/iowa-vote-tally-app-debacle-should-inform-security-tech-in-future-elections/

 

Windows 7 bug prevents users from shutting down or rebooting computers

Windows 7 users have been reporting that they are receiving a popup message that reads "You don't have permission to shut down this computer" every time they attempt to shut down or reboot their systems. The cause of the bug remains unknown at the time of writing. For the past two days, users have been scratching their heads for solutions around the problem. The good news is that they've found at least least one temporary workaround and one unofficial fix to resolve the issue.

https://www.zdnet.com/article/windows-7-bug-prevents-users-from-shutting-down-or-rebooting-computers/

 

Day 4 of outage: UK's Manchester police deploy exciting new carbon-based method to record crime

Greater Manchester Police is struggling with a partial outage of a Capita-built computer system used by frontline officers to input information. [...] But everything's fine, the force insists. "We have robust contingency plans that are successfully executed across the force to minimise disruptions," it said in a statement. This, evidently, includes the cutting-edge technology appropriate to a world-class police force: pencil and paper. Robust indeed.

https://www.theregister.co.uk/2020/02/07/manchester_police_outage/



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast