Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-18-2021

[EVENT REPLAY] Healthcare Breach Report for 2020 Panel Discussion
Check out yesterday’s panel discussion on the findings from CI Security's 2020 Healthcare Cybersecurity Data Breach Report. Featuring CI's Experts and Healthcare CISO Nathan Wright, the panel weighed in on the report's findings, what it means for healthcare security and InfoSec teams in the coming year, and what you can do to mitigate the threats and risks to your organization. Key findings and the video are included in this article.
Senators Push for Action on Water Treatment Hack Investigation
For example, he says the EPA should clarify whether it has established criteria and funding for cyber risk management at water treatment plants. [...] "The investigation should seek to establish the taxonomic identity of the threat actor or actors, such as whether this was opportunistic, hacktivist, criminal or nation-state activity, as this will help to understand the motivation of the actors and the likelihood of further events," says Hamilton, who now serves as CISO of CI Security.
Hacker Leaks Files from Jones Day Law Firm, Which Worked on Trump Election Challenges
The Tor hidden service listing the data is currently offering 20 caches allegedly related to Jones Day, ranging from 1.5GB up to around 4.5GB. One of the caches is marked as "extracted emails." As has become more common from financially motivated extortion campaigns, the hackers are also listing data allegedly obtained from a number of other companies.
Cybersecurity in a pandemic year: One CISO's perspective
I do not expect the speed or demands to subside in 2021. As ChristianaCare advances the digital and virtual care strategies, information security will need to be designed into the fabric of all those initiatives. The speed and agility that I referenced earlier is or will become a core competency of the information security team.
Report: Healthcare data breaches spiked 55% in 2020
Further, the average cost of a breach in healthcare has increased 10.5% from 2019 to 2020, the new report shows. The cost per breached record also rose to $499 last year from $429 the year prior, a 16.3% jump.
DOJ Indicts WannaCry Creators, as Global Feds Impact Egregor Efforts
For healthcare, the most notable Egregor attack was seen on GBMC HealthCare, which infected IT systems and forced some of the platforms offline in early December. It appears, at least for now, SBU has blocked some activity through international cooperation between the agency, the United States, and France. According to the report, Egregor has caused more than 80 million in losses from more than 150 victims.
Department of Financial Services warning New Yorkers about cybersecurity fraud alert
The department says there have been several claims of unsuccessful or attempted data theft from websites like auto insurance rate quotes. Hackers are able to enter a name, birthday or address, then the quote websites show partial information including a driver's license number. The hacker captures the full license number and then just abandons the quote.
‘Everyone’s half asleep, and bosses don’t want trouble’: The struggle to secure utilities
Also, in utilities, oil and gas, there’s a real cultural disconnect between the day-to-day operational types, and the senior leadership. It’s like the managers dwell in this realm of metrics that are all their own and nobody can understand what’s going on in their minds. And the day-to-day operational people have to get it done.
Cyber Insurance Issues for Remediation Costs of SolarWinds Hack
Remediation costs and efforts connected to the SolarWinds hack could be extensive, and cyber insurance policies may help. K&L Gates attorneys discuss several insurance-related issues that policyholders should consider as they learn more about the attack and its potential impact on their organizations.
White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign
"We believe it took them months to plan and execute," Neuberger said, and it will take months for the US government to investigate fully. The Biden administration will be taking executive action in response to the "gaps" that were exploited in the incident, she said. A "holistic" response to the perpetrators is under discussion.
Cybersecurity Issues Are a Threat to U.S. Democracy, Experts Say
The growth of the Internet worldwide combined with the power of mass online messaging through social media, and available-to-all hacking tools, means that the United States is under constant, unrelenting attack from adversaries, foreign and domestic. The attacks do not cease, will not cease and will be a permanent problem, like human disease, about which Americans have to be constantly vigilant, and which may never be eradicated.
North Korean hackers are ‘the world’s leading bank robbers,’ U.S. charges
Federal prosecutors on Wednesday announced charges against three North Korean government hackers accused of participating in a wide range of cyberattacks, including the destructive 2014 assault on Sony Pictures Entertainment, the global WannaCry ransomware attack in 2017 and a range of digital bank heists.
Russia's hack was bad — but if we don't act fast, it will get much worse
Specifically, we should clarify who does what in the government, with the Department of Homeland Security leading on civilian government infrastructure and national resiliency and incident response, the FBI taking the helm on law enforcement and domestic threat response, and Cyber Command having authority over nation-state threats and overseas responses.
Tracker pixels in emails are now an ‘endemic’ privacy concern
The recipient of an email does not need to directly engage with the pixel in any way for it to track certain activities. Instead, when an email is opened, the tracking pixel is automatically downloaded -- and this lets a server, owned by a marketer, know that the email has been read. Servers may also record the number of times an email is opened, the IP address linked to a user's location, and device usage.
Apple M1-native malware has already begun to appear
Masslogger Swipes Microsoft Outlook, Google Chrome Credentials
“The use of compiled HTML (usually used for Windows help files) can be advantageous for the attacker since the initial infection vector is email,” Vanja Svajcer, outreach researcher with Cisco Talos, told Threatpost. “Many organizations will not consider CHM files to be executables so it is more likely they will evade content filters filtering incoming email messages based on the attachment name or type.”
Security researcher finds a way to run code on Apple, PayPal, and Microsoft’s systems
In addition to these public packages, companies will often build their own private ones, which they don’t upload, but instead distribute among their own developers. This is where Birsan found the exploit. He discovered if he could find the names of the private packages used by companies (a task that turned out to be very easy in most cases), he could upload his own code to one of the public repositories with the same name, and the companies’ automated systems would use his code instead.
Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping
That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "temi" personal robot.
Dutch police post 'friendly' warnings on hacking forums
But today, Dutch police revealed that after the Emotet takedown, its officers also went on Raid and XSS, two publicly accessible and very popular hacking forums, and posted messages in order to dissuade other threat actors from abusing Dutch hosting providers to host botnets or other forms of cybercrime.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
