CI Security

IT Security News Blast – 2-5-2020

Calling BS on the security skills shortage

What we have in this industry isn’t a skills shortage. It’s a creativity problem in hiring. To close the existing talent gap and attract more candidates to the field, we need to do more to uncover potential applicants from varied backgrounds and skill sets, instead of searching for nonexistent “unicorn” candidates — people with slews of certifications (like CISSP, CompTIAPenTest+, CySA+, CASP+, CEH, CISSP and CISM), long tenures in the industry (10+ or, in some cases, 20+ years of experience — longer than most relevant technology has been around), and specialized skills in not one, but several, tech stacks and disciplines (from cloud security to app sec and compliance).


Racine Mayor Refuses to Pay Cyber-Ransom

The city is yet to receive a ransom demand from whomever was behind the cyber-attack.  "While we have received this ransomware in our system, we have not received a specific ransomware request. And, if we did receive such a request, we would not pay it," said Mason.  The mayor added that Racine has a cyber-insurance policy, which should cover the city for most of the expenses incurred restoring computer services. While over 700 city employees have been impacted by the cybersecurity incident, the city's library and emergency dispatch departments are continuing to operate as normal.


New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure

[Code] that actively seeks out and forcibly stops applications used in industrial control systems, which is usually abbreviated as ICS. Before starting file-encryption operations, the ransomware kills processes listed by process name in a hard-coded list within the encoded strings of the malware. [...] By ceasing operations at hospitals, factories, and other mission-critical environments, ransomware has always represented a threat to safety. But the resulting damage remained largely contained to IT systems inside targeted networks. Unless the ransomware made an unexpected jump to ICS networks—which are usually segregated and better fortified—the likelihood of disrupting sensitive industrial systems seemed remote.


Matters of Life and Death: Cybersecurity and Medical Devices

Despite this, healthcare organizations also lag behind most industries in their cyber security planning and investment. Just four to seven percent of the typical healthcare system’s IT budget is spent annually on cyber security–in contrast to other industries, such as finance, which averages about 15% of its annual IT budget on cyber defense. The growing awareness of the potential vulnerability of these devices is generating significant momentum towards increasing their cyber security. The Food and Drug Administration (FDA), which has been responsible since 1976 for regulating medical devices, is taking the lead in guiding these efforts.


How-To Guide: Medical IoT Security

Every organization is dealing with the security risks that come with IoT devices, but for health care the risks are getting a lot of media attention. With the never-ending stream of new and existing connected devices increasing cybersecurity risks to patient care and data, CI Security CTO Mike Simon provides real-world strategies for busy InfoSec teams monitoring and responding to threats involving medIoT. “There is no all-powerful elixir of IoT safety. Demonizing manufacturers doesn’t actually solve problems. So, I’d like to present some facts, some practical advice, and maybe make a dent in the FUD a bit.”


Municipal Cybersecurity: Governance Metrics For ESG Investors

Investors play a key role in making sure government officials are focused on the highest level of cybersecurity practices in the municipal entities they manage. In order to ask the right questions in their investment research or due diligence, investors need a thorough understanding of the various facets of municipal cybersecurity, from what is a cyberattack, the extent of the problem nationwide, who the cyberattackers are, why municipalities are such tempting targets, and what the best practices responses are currently.


West Virginia is expanding its controversial smartphone voting push

"This is incredibly unwise," Georgetown computer scientist Matt Blaze told NBC. "Mobile voting systems completely run counter to the overwhelming consensus of every expert in the field." The legislation would require every county in the state to offer smartphone voting. It doesn't specify any particular voting method, but the state has recently been experimenting with software called Voatz that tries to use a blockchain to help secure elections. West Virginia performed a small-scale pilot project with Voatz in the 2018 election, allowing about 150 overseas voters to vote using the technology.


Pitney Bowes revenues clipped by recent cyber attack

Fourth-quarter revenues totaled about $831 million, decreasing 3 percent year over year. The top line factored in a ransomware breach last October that “adversely impacted” revenues by about $7 million in its global e-commerce business, $4 million in its presort mailing-services division and $8 million in its sending-technology group for shipping and mailing.


Survey Reveals 72% of Organizations Plan to Implement Zero Trust Capabilities in 2020, Yet Nearly Half of Cyber Security Professionals Lack Confidence Applying the Model

The 2020 Zero Trust Progress report surveyed more than 400 cyber security decision makers to share how enterprises are implementing Zero Trust security in their organization and reveal key drivers, adoption, technologies, investments and benefits. The report found that Zero Trust access is moving beyond concept to implementation in 2020, but there is a striking confidence divide among cybersecurity professionals in applying Zero Trust principles.


Industrial Cybersecurity Needs Broad & Deep OT/IoT Threat Visibility

To be effective, visibility must be both broad and deep, covering all assets and connected systems. Visibility must also be comprehensive, providing defenders with the information they need to quickly evaluate risks and implement a proper response. Quick detection of changes is also essential, to give security personnel time to act before attackers can exploit new vulnerabilities.  While security teams have these capabilities for conventional IT systems, they often lack good visibility for OT systems and unmanaged IoT devices.  This increases the risks for all connected systems.


When the homefront becomes the (cyber) front line

As a person’s data is being collected, stored, sold, resold and combined, patterns of life become discoverable. While much of this sold digital data is purportedly “sanitized” of personally identifying information, numerous reports demonstrate that it is possible to reconstruct individual identity from metadata and through combination with other available data sources. As a result, a digital “pattern of life” can be used not only by companies, but by bad actors, be they criminals, or potentially, hostile governments as an act of terror or war.


Intelligence report: China's intelligence services look for Lithuanian targets on LinkedIn

"The most common targets are civil servants, information technology specialists, defense sector employees, scientists, and experts in multiple other fields," they said. Potential targets usually receive offers to become consultants, invitations to China "with all expenses covered", and requests to provide, for a payment, analytical assessment of trends in a foreign country, and summaries of public and non-public political or military information.


Coronavirus sends Asia's social media censors into overdrive

“What I call the ‘moron strain’ has created a global, social media-driven panic that is in turn feeding on itself,” wrote Karim Raslan in his regionally syndicated column, noting how much greater the challenge had become for governments to manage. At least five people were arrested and released on bail in India’s southwestern state of Kerala over WhatsApp messages, said Aadhithya R, District Police Chief of Thrissur. Six people were arrested in Malaysia on suspicion of spreading false news.


Guess what? GDPR enforcement is on fire!

Failures of data governance -- not security -- trigger the most fines and penalties. DPAs have primarily acted against the infringement of Article 5 (principles of processing of personal data) and Article 6 (lawfulness of processing). These rules contain key data governance principles, such as data accuracy and quality, and fairness of processing, when firms collect and process the minimum amount of data necessary for a specific, clearly defined purpose. Firms struggle greatly to meet the requirements around consent and other available legal bases.


Satellite Imagery Service Used by Human Rights Investigators Abruptly Shuts Down

TerraServer was taken offline with no explanation on January 18 before the website was updated late Monday to announce the shutdown. Investigators from around the world mourned the loss of TerraServer on Tuesday morning. Louisa Loveluck, the Baghdad bureau chief for the Washington Post, tweeted this was “a sad day” because TerraServer was “a vital tool” for their investigation into Syrian prison deaths.


Office Cleaners Pose Cyber Risk, Police Warn

“Exploitation of staff is a key area”, Newsham was quoted by CBR as saying. “Organised crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’re also using people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game.” And Newsham also highlighted an old school attack method when he said that “even the old ‘drop a USB stick’ is back.”


Emotet detection tool for Windows OS.

Emotet generates its process name from a specific word dictionary and the C drive serial number. EmoCheck scans the running processes on the host and finds Emotet processes by their process names.


Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

The newly discovered privilege escalation vulnerability in question, tracked as CVE-2019-18634, stems from a stack-based buffer overflow issue that resides in Sudo versions before 1.8.26. According to Vennix, the flaw can only be exploited when the "pwfeedback" option is enabled in the sudoers configuration file, a feature that provides visual feedback, an asterisk (*), when a user inputs a password in the terminal.
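As an added example (not code from the article or from the sudo project), a small POSIX sh audit for the precondition the article names: pwfeedback enabled in sudoers and a sudo older than the quoted 1.8.26 boundary. The sudoers fragment and version strings in the demo are constructed.

```shell
# Added example, not code from the article or the sudo project: audit helpers for
# the CVE-2019-18634 precondition quoted above (pwfeedback enabled in sudoers and
# sudo older than 1.8.26). Inputs are arguments so the checks run on constructed
# files; on a real host pass /etc/sudoers, /etc/sudoers.d/* and "sudo -V" output.

# True (exit 0) when the last effective Defaults entry in FILE turns pwfeedback on.
# Comments are ignored; a later "Defaults !pwfeedback" overrides an earlier enable.
sudoers_pwfeedback_enabled() {
    file="$1"
    state=1                                   # 1 = not enabled (shell false)
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                    # drop whole-line and trailing comments
        case "$line" in
            Defaults*) ;;
            *) continue ;;
        esac
        opts="${line#Defaults}"               # strip the keyword ...
        opts="${opts#[:@!>]*[[:space:]]}"     # ... and any :user/@host/!cmd qualifier
        for tok in $(printf '%s' "$opts" | tr ',' ' '); do
            case "$tok" in
                pwfeedback)    state=0 ;;
                '!pwfeedback') state=1 ;;
            esac
        done
    done < "$file"
    return "$state"
}

# True (exit 0) when sudo version $1 (e.g. "1.8.25p1") is older than 1.8.26.
# Fields are compared numerically; the "pN" patch-level suffix is ignored.
sudo_older_than_1_8_26() {
    v="${1%%p*}"
    oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    if [ "$maj" -ne 1 ]; then [ "$maj" -lt 1 ]; return $?; fi
    if [ "$min" -ne 8 ]; then [ "$min" -lt 8 ]; return $?; fi
    [ "$pat" -lt 26 ]
}

# Demonstration on a constructed sudoers fragment (not a real system file).
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# Defaults pwfeedback   (commented out, so ignored)' \
                  'Defaults env_reset,pwfeedback' > "$tmp"
    if sudoers_pwfeedback_enabled "$tmp" && sudo_older_than_1_8_26 "1.8.25p1"; then
        echo "pwfeedback enabled and sudo predates 1.8.26: review for CVE-2019-18634"
    fi
    rm -f "$tmp"
}
```

Run `demo` to see the constructed case flagged; on a real host the two helpers are called with the actual sudoers files and the version string reported by `sudo -V`.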


'Superyacht Industry is Falling Behind on Cyber Security'

Co-founder and chief data officer at CSS Platinum, Mike Wills, warned that the threat of cyber-crime is very real, claiming that there are “hugely organised criminal gangs wanting to target superyachts”. He warned that sophisticated attacks could even hijack the propulsion and steering systems on board. [...] “The level of protection on yachts compared to other environments is very low,” he said. He added that this is especially dangerous in an industry populated with ultra-high net worth individuals.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.
