Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 11-17-2020

[WEBINAR] Talking Turkey: How to Get Enterprise-Level Security on a Budget – presented by Datec and CI Security

Join CI Security Founder and former Seattle CISO, Michael Hamilton and Datec Security Expert and Former BECU CISO, Kyle Welsh, CISSP, this Thursday, November 19th, at 4 PM PT, to attend an informative discussion on funding your security program. The first 10 registrants who also attend the event will win a hickory smoked turkey – and we’ll have a grand prize drawing for a Traeger Pro Pellet Grill for one lucky attendee to roll out for this Thanksgiving. Register today and see you on Thursday.


Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords

The attack primarily targets Chromium, Firefox, and Chrome browser data, but also has additional capabilities for opening up a backdoor on compromised systems, allowing attackers to execute PowerShell scripts and commands, as well as the ability to download and execute additional malware.


Biotech Company Miltenyi Biotec Discloses Malware Attack

In an official statement, Miltenyi Biotec announced that, over the past couple of weeks, it experienced malware attacks that affected some of its order processing capabilities. “During the last two weeks, there have been isolated cases where order processing was impaired by malware in parts of our global IT infrastructure,” the company says.


With Threats Of Ransomware Attacks Growing In Healthcare Sector, Victims Face Sanctions Risks From Paying Ransom

The advisory specifically identifies and prohibits ransomware payments made to cyber criminals located in sanctioned territories, including, at present, Cuba, Iran, North Korea, Syria, and the Crimea region. To the extent a U.S. person or entity facilitates the payment of a prohibited ransom, the advisory warns it can be subject to sanctions.


Healthcare Data Breaches to Triple in 2021

"The talent shortage for cybersecurity experts with healthcare expertise is nearing a very perilous position," said Brian Locastro, lead researcher on the "2020 State of the Healthcare Cybersecurity Industry" study. [...] The survey of security professionals found that 75% of the 66 CISOs at health systems who responded agreed that experienced cybersecurity pros were unlikely to pursue a career in the healthcare industry. The survey of security professionals found that 75% of the 66 CISOs at health systems who responded agreed that experienced cybersecurity pros were unlikely to pursue a career in the healthcare industry.


Russian, N Korean hackers target COVID vaccine maker in India

“One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work[.]” Strontium continues to use password spray and brute force login attempts to steal login credentials. These are attacks that aim to break into people’s accounts using thousands or millions of rapid attempts.


More Cyberattacks in the First Half of 2020 Than in All of 2019

The study also found that the easy availability of hacking tools, like ransomware-as-a-service (RaaS) offerings also contributed to the increased activity.  And like other studies, they found that financial motivation amongst cyber criminals was an increasingly popular driving factor behind the attacks, with 82% of the attacks falling into the e-crime (financially motivated crimes) category, compared with 69% in 2019.


Why Cybersecurity for Small Businesses is More Necessary Now Than Ever Before

For example, many small businesses may not have the financial resources to employ an IT team or be able to provide extensive training to their employees. In many cases, small business owners may not be aware that they are vulnerable to such attacks (or maybe too focused on other aspects of the business, like marketing) and may fail to implement any aspect of cybersecurity altogether, thus heightening the risks.


Cybersecurity is top business worry in 'age of risk' -Marsh & McLennan CEO

Cyber risk also is difficult for companies to deal with conclusively. “CEOs like to get things done and say it’s finished,” he said. “Cyber is a never-ending phenomenon. It will continue for the rest of all of our careers.” Climate change and the culture of remote working are the other top risks cited by companies, Glaser said. Climate is less immediate than cybersecurity because it is developing slowly and its impact, through such catastrophic events as larger wildfires and more powerful hurricanes, will increase over the next five years or more.


VB2020 presentation: Ramsay: a cyber-espionage toolkit tailored for air-gapped networks

In March 2020 researchers discovered a cyber-espionage toolkit known as Ramsay, specifically designed to steal documents and operate within air-gapped networks. In a presentation at VB2020 localhost, ESET researcher Ignacio Sanmillan spoke about Ramsay's main capabilities, the overlaps found with DarkHotel's Retro and some OPSEC failures the researchers spotted during their research.


The Chinese hardware backdoors can cause transformer failures through the load tap changers

Transformer LTCs exposed a vulnerability that must be addressed yet is out-of-scope for NERC CIP, NERC Supply Chain, and NRC Reg Guide 5.71/NEI-0809 requirements and not addressed by other industry cyber security guidance. Why is there little concern about a device that costs upwards of $5 million dollars, can take months to repair or replace, and have a debilitating impact on the grid if damaged or destroyed?


Expert says odds are against municipalities amid ‘significant cyber attack’ on City of Saint John

“Our IT teams and our security teams have to be right 100 per cent of the time… A criminal just needs to get right once.” Pointing out the fact that banks spend hundreds of millions of dollars on security annually, Shipley notes that municipal and provincial jurisdictions “don’t have unlimited money to spend on these problems.”


The ‘Most Secure’ U.S. Election Was Not Without Problems

This smattering of technical issues has had little impact politically, however, and is hardly the foreign interference apocalypse predicted by so many security researchers in the lead-up to this year's contest. "If you look at direct hacking of the voting process or someone getting into a voter database or just some very simple Web defacement, I think we didn't see that," said retired Maj. General Brett Williams, COO at cyberfirm IronNet.


Microsoft says three APTs have targeted seven COVID-19 vaccine makers

The second North Korean threat actor, known as Cerium, appears to be a new group. Microsoft says Cerium engaged in spear-phishing attacks with email lures using Covid-19 themes while pretending to be representatives from the World Health Organization. Microsoft says these attacks targeted vaccine makers that have COVID-19 vaccines in various stages of clinical trials, a clinical research organization involved in trials, and one that developed a COVID-19 test.


CostaRicto cyber mercenary group engaging in espionage for its clients

A new hacker group dubbed CostaRicto by BlackBerry investigators is selling its services to entities needing APT-level hacking expertise in cyber espionage campaigns that target many industrial sectors. The toolset of the hacker-for-hire group includes customized malware that has never been seen before, and also use of SSH tunnels established in the victims' networks and VPN proxies enabling them to hide their malicious activity and avoid being discovered.


How the U.S. Military Buys Location Data from Ordinary Apps

The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom.


Cyber-Criminal Fined $300,000 for Pipeline Attacks

A man from New Hampshire has been fined nearly $300,000 after admitting his role in cyber-attacks targeting the construction of a 1,172-mile-long pipeline spanning three American states. Joseph Earl Thomas Aubut of Conway confessed to being part of a hacking group that launched a series of Distributed Denial of Service (DDoS) attacks in 2016 in an attempt to prevent the Dakota Access Pipeline from being built.


Defining data protection standards could be a hot topic in state legislation in 2021

Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.


Teen Wins Peace Prize for Fighting Cyber-Bullying

So far, Rahman's Cyber Teens app has been downloaded over 1,800 times and has supported 300 young victims of cyber-bullying. The app puts children in contact with a team of young volunteers that includes Rahman and lets them report crimes confidentially. The team then contacts local law enforcement officers and social workers to secure help for the victims.


Christopher Krebs Hasn’t Been Fired, Yet

To no one’s surprise, speculation swept through cybercircles in Washington on Thursday that Mr. Krebs was high on President Trump’s list of officials to be fired after his agency, known as CISA, released a statement from a government-led coordinating council saying that “there is no evidence” any voting systems were compromised and that the 2020 election “was the most secure in American history.” This occurred only hours after Mr. Trump had repeated a baseless report that a voting machine system had “deleted 2.7 million Trump votes nationwide.”

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 

Add this Email to Your Address Book