Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-30-2021

Nakasone Warns Adversaries Hack Unseen In US
Because US law and policy forbid CYBERCOM and NSA from operating on US networks, “We, as CYBERCOM or NSA, may see what is occurring outside the US, but when it comes into the US, our adversaries… understand the laws and policies we have within our nation, and so they are utilizing our own infrastructure, our own internet service providers to create these intrusions.”
SolarWinds hack got emails of Department of Homeland Security
The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.
Phished Healthcare Provider Takes Legal Action Against Amazon
An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon. [...] SalusCare requested access to the audit logs of the buckets as part of its investigation to determine precisely what data had been breached by the threat actor. However, Amazon refused to supply an audit log or a copy of the data stored in the S3 buckets as they do not belong to SalusCare.
Think Like a Hacker, Act Like a Cybersecurity Pro
Experts from Irdeto, Siemens Healthineers, and H-ISAC recently came together for a virtual panel discussion on what medical device manufacturers need to do in order to enhance their cybersecurity methods to protect their products and ultimately the providers and patients who use them. [...] "It's not necessarily to make things completely impossible to attack because with enough money and time anything can be attacked," Huin said. "It's mostly about making it hard enough that people go and do something else."
Aussie TV Network Taken Off Air by Ransomware
The latest report from the network’s online news site claimed that ransomware was used but no ransom has yet been demanded, indicating that state-backed players may be responsible. This evening, the network is set to broadcast a warts-and-all expose of Russian President Vladimir Putin’s use of poison to murder overseas dissidents. However, there’s no firm evidence as yet to link the attacks back to the Kremlin.
CompuCom MSP expects over $20M in losses after ransomware attack
The expenses are mainly related to the company's ongoing efforts to restore impacted systems and services, as well as "to address certain other matters resulting from the incident." [...] The MSP is still working on restoring service delivery to customers since the ransomware hit its network and expects to "have service delivery restored to substantially all of its customers" by the end of March.
Hades ransomware operators are hunting big game in the US
According to the cybersecurity researchers, at least three major companies have been successfully attacked with the ransomware strain including a transport & logistics company, a consumer products retailer, and a global manufacturer. Forward Air was reportedly a past victim. Accenture says that the threat actors are focused on hunting organizations that generate at least $1 billion in annual revenue.
Energy Launches Supply Chain Program As Watchdog Called for More Action
The report pointed to a need for DOE to address vulnerabilities associated with the ICS supply chain but also GPS-dependent and networked consumer devices not controlled by distribution utilities as well as devices used for solar inverters and battery storage that are increasingly connected to the grid.
Possible Cyber Attack Targets U.S. Virgin Islands Government
"Our team is actively working on a resolution of this issue. Although the divisions are faced with this challenge, some manual fixes have been put in place to provide services to the public in the interim." [...] It's the latest cyber attack against a Virgin Islands government department, and the breaches have been wreaking havoc on agencies' databases. The V.I. Port Authority said a cyber attack occurred on its network on Jan. 29.
This is How They Tell Me Cyber Peace is Achieved
Government-communications industry collaboration, when the former needed to use the latter to accomplish something, is not new. [...] Alternately, they could adopt a “zero tolerance” policy, significantly reducing the ability to carry out cyber-attack and -espionage by any nation. At that point a great deal of the work and investment in things like Cyber Command (not just the one in the U.S. but all the variations on the theme that have been stood up over the years worldwide) starts to become moot.
Second stage of Chinese telecom ban producing unintended consequences
At issue is Section 889 of the 2019 National Defense Authorization Act, which sought to root out Chinese telecom equipment from the federal supply chain. The first section banned companies from selling that gear to the government. Part B, which the government implemented via an interim rule last August, prohibited prime contractors from using that equipment as a “substantial or essential” part of their own networks.
Attach Strings To Data Collection To Combat Surveillance Capitalism, Experts Suggest
Laws addressing how much data can be collected should be among new regulations that must ensure data collection from big technology companies doesn’t harm Americans, according to a March 17 panel of academics at the South by Southwest conference.
FBI Issues Mamba Alert
According to the Bureau, Mamba has been deployed against local governments, public transportation agencies, legal services, technology services, and industrial, commercial, manufacturing, and construction businesses. The ransomware works by weaponizing an open source full-disk encryption software called DiskCryptor. By encrypting an entire drive, including the operating system, the software restricts victim access.
Official PHP Git server targeted in attempt to bury malware in code base
However, instead of escaping detection by appearing so benign, contributors that took a closer look at the "Fix typo" commits noted malicious code that triggered arbitrary code within the useragent HTTP header if a string began with content related to Zerodium.
Anyone with an iPhone can now make deepfakes. We aren’t ready for what happens next.
Now with a single source photo and zero technical expertise, an iPhone app called Avatarify lets you actually control the face of another person like a puppet. Using your phone’s selfie camera, whatever you do with your own face happens on theirs.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.

