Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 7-2-2020

IoT Risks Highest in Physical Access Control Systems and Healthcare Systems

Under potential impact, higher IoT risks were associated with the fact that most IoT and OT devices are unmanaged by most security solutions available. The connectivity risk component increased potential IoT risks because of the ability of IoT devices to communicate directly with other devices. Regarding services, the IoT risks were present because of the various interfaces available on such devices. For example, most IoT devices have Wi-Fi and Bluetooth interfaces that increase the attack surface.


Business giant Xerox allegedly suffers Maze Ransomware attack

The company has yet to confirm or deny a cyberattack on its network but screenshots from the attacker show that computers on at least one Xerox domain have been encrypted. Just like previous posts from Maze, the one for Xerox lacks any details about the attack except for proof of the breach and of encrypting the company’s systems. According to the attacker, they have stolen more than 100GB of files from Xerox and are determined to share it all if the company chooses not to engage in negotiations for a ransom payment.


UCSF pays $1M ransom to recover medical school data from hackers

The prestigious medical school is among several universities to have been targeted by ransomware in recent months. ‘Netwalker’, the ransomware software responsible for the UCSF hack, was used to carry out similar attacks against Michigan State University and Columbia College, Chicago in late May and early June. Michigan State opted not to pay its ransom at the advice of law enforcement, which resulted in financial documents and personal information from the university being published online.


Hackers obtain Covid-19 patient database in protest at treatment of Indian health workers

“We are not satisfied with the Delhi Government’s approach towards the healthcare personnel… Thus, to show our protest, we were on an errand to obliterate [the] Delhi State Health Mission website,” the Kerala Cyber Hackers wrote in a Facebook post. “We were appalled to witness sensitive data stored in these servers without any security… The government needs to be very careful and take every possible security measure to protect the personal information of citizens”.


Keep the lights on: Three things power companies need to do to harden cybersecurity defenses

"In the OT environment, there are more high-impact, low-frequency attacks, while the traditional security mindset is high-frequency, low-impact," he said. [...] Alperovitch said that security teams need to learn the language of operators and combine an understanding of the threat landscape with this understanding of how the industrial systems work. Lee also said that power plant operators should consider the threats they are facing and build an appropriate cyber defense instead of assembling a standard arsenal of tools.


CI Security Announces Strategic Agreement with Phoenix 2.0 to Provide Cybersecurity to Regulated Industries

“The new services are beneficial and cost-effective for organizations looking for a cybersecurity force multiplier,” said Alex Rayter, Principal at Phoenix 2.0. “This perfectly positions us to help clients monitor risks in real-time and respond swiftly and decisively should an incident occur.”


'We're seeing a 6,000% increase in spam': IBM cyber VP

In the case of workers using VPNs, some experts see them as the perfect way to get a bad actor into a company’s network, likening it to a hypodermic needle. All an attacker needs is a few employees to click on some malware, perhaps from an email or a fake resume, and they could be in — and some cyber experts even speculated that attackers might target unsecured Wi-Fi networks.


District Court Affirms Order Requiring Production of Cyber-Investigation Report after Considering Totality of Circumstances

While reciting a number of other relevant facts, the Magistrate’s Order appeared to rely heavily on the fact that Capital One had used the same forensic consultant that it used for ordinary-course-of-business work in reaching its conclusion that the Report was discoverable. Against this backdrop, the Magistrate Judge concluded that Capital One had not presented sufficient evidence to show that the Report would not have been prepared in substantially similar form and with similar content in the absence of litigation. Accordingly, production of the Report was ordered.


Another COVID-19 Side Effect: Rising Nation-State Cyber Activity

CISOs must now look at their businesses through the eyes of nation-state bad actors and see where they fit into the larger picture during and after the recovery stages of the pandemic. This means assessing weaknesses in cybersecurity and addressing them immediately — specifically, old and unpatched weaknesses. In a public disclosure, CISA and the FBI stated that foreign cyber actors continue to exploit publicly known — and often dated — software vulnerabilities against broad target sets, including public and private sector organizations.


SASC Pushes Cyber Overhaul In New NDAA

While the SASC NDAA draft does not immediately create the position of a National Cyber Director, it does call for an independent assessment on the feasibility and advisability of establishing one. One complication is that the White House appears opposed to the creation of such a position, continuing a long and frustrating battle between Congress and the Executive Branch that predates this administration and has prompted much criticism from cyber operators.


Russian Evil Corp Cybercrime Group Strikes Again

The cybercrime group, it added, has been able to penetrate some of the most well-protected corporations, steal their credentials and move easily through their networks, causing millions of dollars in damages and triggering “a possible domino effect on supply chains.” The company also explained that WastedLocker “is a relatively new breed of targeted ransomware,” and that it has been attributed to the “Evil Corp cyber crime outfit,” previously associated with the Dridex banking Trojan and BitPaymer ransomware.


Anonymous Hackers Target TikTok: ‘Delete This Chinese Spyware Now’

The ByteDance-owned platform was under fire anyway, over allegations of data mishandling and censorship, but then a beta version of Apple’s iOS 14 caught the app secretly accessing users’ clipboards and a backlash immediately followed. [...] “Delete TikTok now,” the account tweeted today, July 1, “if you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”


Did a Cyber-Weapon Blow Up an Iranian Missile Factory—And Is This Cyber-War?

“On the explosion of the Parchin gas facilities, it has been mentioned that the incident was caused by hacking the center's computer systems,” said Brig. Gen. Gholamreza Jalali, head of the Passive Defense Institution, at a conference on anti-chemical weapons defense. “But until we come to a conclusion on the dimensions of this incident and the claim, we cannot comment.” The explosion damaged the Khojir missile production complex, according to satellite imagery, but Iranian authorities have insisted that it actually took place at the Parchin industrial park forty kilometers away.


How to keep your communications truly private when everyone is remote

One study found that employees often didn’t understand how end-to-end encryption could secure their communications, so they simply didn’t use the right tools. Even more alarming, some employees believed such precautions were futile; they did not believe the tools could offer protection for themselves or their organization’s data. The billions of dollars spent on software, network hardening, and device compliance measures are wasted if employees do not understand why they need to use the provided solutions.


The Challenge of Third-Party Compliance Management

Complying with this growing collection of international, national, and state regulations is a major challenge for small and mid-sized organizations that lack the necessary expertise and resources. The compliance management process includes a long list of responsibilities such as:

· Creating internal compliance policies
· Providing security and privacy awareness training to employees
· Tracking and investigating issues
· Keeping up to date on changing regulations and new regulations
· Documenting compliance and providing visibility into the data for auditors


Promethium APT attacks surge, new Trojanized installers uncovered

Talos has tracked roughly 30 new command-and-control (C2) servers belonging to Promethium tied to an evolved form of the group's surveillance malware, StrongPity3, which is also believed to be state-sponsored. [...] To hide the spyware's activities, BitDefender says that the C2 network the team traced has three infrastructure layers, including the use of proxy servers, VPNs, and IP addresses that receive forwarded data. In total, the team mapped 47 servers with different functionalities.


Microsoft Issues Out-of-Band Patches for RCE Flaws

If exploited, CVE-2020-1425 could allow an attacker to obtain information that would let them further compromise a system. CVE-2020-1457 could enable someone to execute arbitrary code. Neither vulnerability was publicly known or exploited prior to the patches released this week, and Microsoft has not disclosed why it didn't wait until Patch Tuesday to deploy these fixes.


‘GoldenSpy’ tax software campaign tries to erase evidence of malware

The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software as Intelligent Tax, which was reportedly developed by China-based Aisino Corporation, and digitally signed by a second Chinese company, Chenkuo Network Technology.


Red Hat Audit to ‘Eradicate’ Problematic Language in Its Code

In a blog post published to the company’s website, Chief Technology Officer Chris Wright said the company would be “standing up a team to audit our own work—our code, documentation and content—and identify potentially divisive language.” [...] Terms used within the open source community that have often caused division include “master” and “slave,” which are used to denote when one process has control over another, and terms like “whitelist” and “blacklist,” used to identify when something is permitted or forbidden.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405, Bremerton, WA 98337
