Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 7-1-2020

CI Security Announces Strategic Partnerships to Integrate Medical IoT Device Visibility and Intelligence with MDR

CI Security® announced today a set of unique partnership integrations with leading Internet of Things (IoT) and Internet of Medical Things (IoMT) security vendors Ordr, Medigate, and Cylera, combining device security and visibility with 24x7 Critical Insight MDR. [...] “From my work in hospitals, I’ve seen firsthand how life-saving devices get added to the network and create security challenges,” said Drex DeFord, former CIO at Seattle Children’s Hospital and CI Security executive strategist. “These new partnerships allow security teams to get a real handle on the IoT/IoMT devices on their networks.”


The more cybersecurity tools an enterprise deploys, the less effective their defense is

The research, IBM's fifth annual Cyber Resilient Organization Report, says that while organizations are improving in cyberattack planning, detection, and response, their ability to contain an active threat has declined by 13%. On average, enterprises deploy 45 cybersecurity-related tools on their networks. The widespread use of too many tools may contribute to an inability not only to detect, but also to defend from active attacks.


Over 100k daily brute-force attacks on RDP in pandemic lockdown

Convenience in this context took precedence and many users set up easy-to-guess passwords without enforcing additional security layers, such as two-factor authentication. Cybercriminals did not waste this opportunity and increased the number of brute-force attacks targeting RDP services, in an attempt to gain access to the company network, increase privileges to admin level, and deploy their malware.


US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug

US Cyber Command officials are right to be panicked. The CVE-2020-2021 vulnerability is one of those rare security bugs that received a 10 out of 10 score on the CVSSv3 severity scale. A 10/10 CVSSv3 score means the vulnerability is both easy to exploit as it doesn't require advanced technical skills, and it's remotely exploitable via the internet, without requiring attackers to gain an initial foothold on the attacked device.


New study shows exploitable attack surface within cloud services and remote healthcare [Registration]

The latest Spotlight Report on Healthcare is based on observations and data from January-May of this year using a sample of 363 opt-in enterprise organizations in healthcare and eight other industries. The COVID-19 pandemic has sparked the global adoption of cloud services across all industries, says the report. However, research shows healthcare has suffered the most sudden and rapid pivot to support overwhelmed infrastructure and increased collaboration using the same strapped IT and security resources.


Ransomware vs. healthcare: How the pandemic added to a cyber crisis

Given the trend ransomware operators are following — weaponizing locked data — paying a ransom risks paying for a false promise. "The only way to stop ransomware attacks is to make them unprofitable, and that means organizations must stop paying ransoms," Brett Callow, threat analyst for Emsisoft, told CIO Dive in an email. However, "the only exception, [in] my mind, is hospitals in cases where non-payment could negatively impact patient care, potentially putting lives at risk," said Callow.


3 Ways to Flatten the Health Data Hacking Curve

Sooner or later, your organization is going to be hacked. What's important is how quickly your organization's security team can detect and contain the hack. The healthcare industry has traditionally prioritized preventing data hacks over detecting and containing them, which puts companies in a position of weakness. Verizon's 2020 data breach report found that while detection and response to breach events have generally improved, over 25% of breaches went undiscovered for months.


Bank Compliance Risk 'Elevated' Due To COVID-19, OCC Says

Modified business operations, remote work and government programs that sought to aid consumers — including the Coronavirus Aid, Relief, and Economic Security Act and the Paycheck Protection Program — have only exacerbated those risks as banks face economic woes tied to low interest rates and high loan volumes, according to the report. "Compliance risk is elevated due to a combination of altered operations, employees working remotely, and the requirement to operationalize new federal, state, and proprietary programs designed to support consumers ... in a weakened economy," the OCC said.


The “mobius strip” of cyber security

Awareness of digital threats is rapidly accelerating among businesses, but many aren’t prepared to tackle the mounting threats they now face. According to David Ferbrache, Global Head of Cyber-Futures at KPMG and Chair of the National Cyber Resilience Board for Scotland, organised crime has become a lot less “crude” than it used to be. In essence, criminals are now becoming “business savvy” and are even undertaking reconnaissance missions to work out exactly who the best target is and how much they can extort.


Top 25 Auto Cybersecurity Hacks: Too Many Glass Houses To Be Throwing Stones

According to Upstream's latest report, there was a 99% increase in cybersecurity incidents (150) in 2019 with a year-over-year 94% increase since 2016. Many such cybersecurity reports have gotten minimal attention, and society is collectively, wholly ignorant about how many clandestine auto hacks have truly happened.


ICYMI: IT Security Questions to Ask for the Great Return to the Workplace

With all the talk about “turning the economy back on” we need to think about what that looks like from an information security perspective. Originally as an Infragard contribution, Jenifer Clark and I worked up this set of considerations for bringing once-remote computers back into a corporate network. To the extent that's looking like a reality, here's a handy guide for planning capacity and extra security eyes as part of a risk-based intake plan.


Adjusting to coronavirus impacts on national security

That incident on the Roosevelt: our enemies would have taken notice that a major asset, one of 11 carriers and one of probably, what, six or seven that are actually out there at any given time, is disabled or unable to be out there. That would really get the eyebrows raised, I think, of enemies and allies around the world, wouldn’t it?


Senate wants more details on Cyber Command’s tools

The Senate Armed Services Committee is concerned there isn’t sufficient oversight over U.S. Cyber Command’s capability and platform development. In the report accompanying the committee’s markup of the annual defense policy bill, it articulates issues with the command’s Joint Cyber Warfighting Architecture, or JCWA, which guides capability development priorities.


New South Wales to implement sector-wide cybersecurity strategy

"The new strategy will be delivered through an integrated approach to prevent and respond to cyber security threats and safeguard our information, assets, services, businesses, and citizens." The state government's existing strategy, a mere 20 pages long, was published in late 2018 and took a whole-of-government view on how to manage risk, borrowing the framework laid out by the National Institute of Standards and Technology (NIST).


Chinese hackers aggressive since Galwan clash, stealing sensitive info from India: Cyber research expert

Following the Galwan Valley clashes, cyber attacks by Chinese hackers have seen a massive surge in India. As per Singapore-based cyber research firm Cyfirma, there has been a 300% jump in such attacks since June 18 by hackers supported by the Chinese army. [...] “What we are witnessing now is the reconnaissance phase during which they are collecting sensitive information about targets and then profile them; the second phase might see cyber attacks one by one,” he further added.


Latvia bans Russian television channel RT

The Baltic nation of Latvia has banned the state-controlled Russian television channel RT, saying that it is effectively controlled by a media figure who is under European Union sanctions. [...] He has been on the EU sanctions list for his alleged role in promoting Kremlin propaganda in support of Russia’s 2014 annexation of Crimea from Ukraine. In all, the Latvian National Electronic Mass Media Council has banned seven channels belonging to the multilingual network operated by RT from being broadcast in Latvia, saying RT was under Kiselev’s “effective control.”


Why Trump’s administration is going after the GDPR

"We do have serious concerns about its [the GDPR's] overly restrictive implications for public safety and law enforcement," said Strayer, who was at the forefront of efforts to convince EU allies they should dump Huawei from their 5G rollout plans. "We definitely find that divergent interpretations [of the law] are also an issue, chilling some of the commerce that could be taking place."


6 ways HTTP/3 benefits security (and 7 serious concerns)

HTTP/3, the third official version of the hypertext transfer protocol (HTTP), will not use the transmission control protocol (TCP) as its predecessors did. Instead, it uses the quick UDP internet connections (QUIC) protocol developed by Google in 2012. QUIC is a transport layer protocol based on a multiplexed version of user datagram protocol (UDP) connections. Unlike TCP, it does not follow the TCP three-way handshake, but sets up the connection in a single UDP round trip.


EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

EvilQuest samples have been found in various versions of pirated software, which are being shared on BitTorrent file-sharing sites. While this method of infection is relatively unsophisticated, it is common for other macOS malware variants – including OSX.Shlayer – “thus indicating it is (at least at some level) successful,” according to Patrick Wardle, security researcher with Jamf, in a Monday analysis.


Living on a prayer? Netgear not quite halfway there with patches for 28 out of 79 vulnerable router models

The vulnerabilities, initially discovered by Trend Micro's Zero Day Initiative (ZDI) in January, were meant to have been patched by 15 June. Netgear asked for an extension at the end of May for a further month, prompting the ZDI to publish an advisory note. An infosec outfit called Grimm followed that up by releasing live exploit code for two of the unfixed vulns, which stung Netgear into patching two devices early on.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

