Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 4-5-2021

FBI: APTs Actively Exploiting Fortinet VPN Security Holes
According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are exploiting CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.
https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/
 
Hackers Demand $40M in Ransom From Florida School District
During several days of communications, which were captured in a transcript obtained by the Sun Sentinel, a district official tries to negotiate a lower price for the ransom and explains the district does not have access to enough funds to pay the exorbitant fee requested by the attackers. The district offered to pay $500,000, but negotiations broke down soon after.
https://www.darkreading.com/attacks-breaches/hackers-demand-$40m-in-ransom-from-florida-school-district/d/d-id/1340580
 
533 million Facebook users' phone numbers and personal data have been leaked online
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.
https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
 
5 ways 'deepfakes' could infiltrate healthcare
1. Sophisticated phishing
2. Identity theft
3. Fraud and theft of services
4. Manipulated medical images
5. But not all altered data is malicious
https://www.modernhealthcare.com/cybersecurity/5-ways-deepfakes-could-infiltrate-healthcare
 
Payments Power Healthcare’s Much-Needed Evolution
Before a cyberthief commits a crime, their online behavior betrays their purpose. Jack Alton, Neuro-ID CEO and Tommy Nicholas, CEO of Alloy, told PYMNTS’ Karen Webster the intent evident in data entry can become the clues that separate good customer behavior from the fraudster who is trying to impersonate them.
https://www.pymnts.com/healthcare/2021/payments-power-healthcare-evolution/
 
Data from three universities published online in latest Accellion-related data breach
Three universities in the U.S. have had data stolen and published online in the latest data breaches related to a vulnerability in software from Accellion Inc. The universities targeted were Stanford University, the University of Maryland, Baltimore, and the University of California at Berkeley, with one commonality among them: The stolen data was published by the Clop ransomware gang.
https://siliconangle.com/2021/04/04/data-three-universities-published-online-latest-accellion-related-data-breach/s
 
World Economic Forum says boards should follow this one cybersecurity guidance
“The board needs to understand cyber risk, and its role in governing this threat, to perform its oversight function effectively,” the report says. “It continues to be important for members of the board of directors and industry professionals to increase their knowledge of how to address cybersecurity within their organizations.”
https://financialpost.com/technology/tech-news/world-economic-forum-says-boards-should-follow-this-one-cybersecurity-guidance-2
 
As ransomware stalks the manufacturing sector, victims are still keeping quiet
In addition to Norsk Hydro, CyberScoop requested interviews with a dozen manufacturers in Europe and the U.S. that have reportedly had their production disrupted by ransomware incidents in the last two and a half years. Nearly all either declined to comment, did not respond or said an executive was unavailable by press time.
https://www.cyberscoop.com/honeywell-hack-ransomware-manufacturing-norsk-hydro/
 
US Tech Dominance Rides on Securing Intellectual Property
Stolen IP can be worth staggering amounts of money. Here's just one example: Hackers attempting to steal COVID-19 vaccine IP in December could have gained billions of dollars if successful. IP theft isn't always as high profile as Levandowski's thumb drive full of self-driving car secrets, but smaller thefts still have an enormous impact on companies' bottom lines.
https://www.darkreading.com/vulnerabilities---threats/us-tech-dominance-rides-on-securing-intellectual-property/a/d-id/1340465
 
Exchange Server attacks: Run this Microsoft malware scanner now, CISA tells government agencies
"Since the original issuance of ED 21-02, Microsoft has developed new tools and techniques to aid organizations in investigating whether their Microsoft Exchange servers have been compromised. CISA also identified Microsoft Exchange servers still in operation and hosted by (or on behalf of) federal agencies that require additional hardening," CISA says in the supplement.
https://www.zdnet.com/article/exchange-server-attacks-run-this-microsoft-malware-scanner-now-cisa-tells-government-agencies/
 
Lack of cyber funds in Biden infrastructure plan raises eyebrows
Experts say it was disappointing to see there were no funds set aside to defend systems critical to everyday life from hackers, particularly as the proposal calls for things like $100 billion for improving grid resiliency, the creation of new jobs and developing more clean electricity.
https://thehill.com/policy/cybersecurity/546105-lack-of-cyber-funds-in-biden-spending-bill-raises-eyebrows
 
North's hackers stole $316 million, says UN report
The panel assessed that "cyberactors linked to the Democratic People's Republic of Korea continued to conduct operations against financial institutions and virtual currency exchange houses in 2020 to generate revenue to support its weapons of mass destruction" and ballistic missile programs, referring to the North by its official name.
https://koreajoongangdaily.joins.com/2021/04/01/national/northKorea/North-Korea-sanctions-UN-Security-Council/20210401175600404.html
 
Great Power Internet Governance: Competing with China for the Soul of the Internet
For the past 50 years, the international community had hoped Beijing would become a prosperous, responsible stakeholder of the international order. Instead, Beijing has mobilized its newfound wealth and state-owned enterprises to engage in a techonomic cold war and reshape internet governance in the image of cyber sovereignty.
https://smallwarsjournal.com/jrnl/art/great-power-internet-governance-competing-china-soul-internet
 
China, Russia use social media to fuel protests in UK
London: The disruption being caused through “Kill the Bill” protests in UK is an effort by the Sino-Russian alliance to destroy trust and confidence in political and institutional systems, in a bid to leave society demoralised and feeling powerless against events.
https://www.sundayguardianlive.com/news/china-russia-use-social-media-fuel-protests-uk
 
How private DoH can help protect data for remote workers
Critics, however, have voiced concerns that relying on public DoH providers carries certain risks: Users’ browsing data becomes visible as do the types of applications they use. This type of visibility could reveal valuable information that is protected or restricted by agency policy.
https://gcn.com/articles/2021/04/02/private-doh.aspx
 
Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It
The problem is not limited to super user accounts on cloud services. Many workstations and servers continue to have overprivileged accounts that could be abused, and it's not just administrator accounts, says Tim Wade, technical director with the CTO team at threat detection firm Vectra.
https://www.darkreading.com/vulnerabilities---threats/insider-threats/enterprises-remain-riddled-with-overprivileged-users----and-attackers-know-it/d/d-id/1340576
 
Qualys: Breach limited to 3rd-party vendor, but attackers trying to make exposure seem worse
In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.
https://www.scmagazine.com/home/security-news/data-breach/qualys-breach-limited-to-3rd-party-vendor-but-attackers-trying-to-make-exposure-seem-worse/
 
QNAP caught napping as disclosure delay expires, critical NAS bugs revealed
"We reported both vulnerabilities to QNAP with a four-month grace period to fix them," said Yaniv Puyeski, an embedded software security researcher at SAM, in a blog post on Wednesday. "Unfortunately, as of the publishing of this article, the vulnerabilities have not yet been fixed."
https://www.theregister.com/2021/04/02/qnap_bug_nas/
 
Microsoft revealed the latest truths about working from home. One is truly disturbing
Sixty-one percent of leaders described themselves as "thriving." "You what?" you might mutter. "I'm desperately trying to work out of my bedroom, trapped on Zoom calls for eight hours a day, have no social life and my bosses say they're doing great?" Yours would be an accurate sentiment. Microsoft, you see, says that those who don't make the decisions are thriving 23 points less than their bosses.
https://www.zdnet.com/article/microsoft-revealed-the-latest-truths-about-working-from-home-one-is-truly-disturbing/
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 
