Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 4-7-2021

SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
The attacks are brute-forcing high-privilege SAP user accounts, as well as exploiting a raft of known bugs: CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976 and CVE-2010-5326, according to the warning. The adversaries are “advanced threat actors,” according to Onapsis, as evidenced by how quickly they’ve been able to develop exploits, among other things.
https://threatpost.com/sap-bugs-cyberattack-compromise/165265/
 
Cyber Criminals Hone Attacks Against Schools
The ransomware attacks are initiated by gaining unauthorized access to networks either by exploiting Remote Desktop Protocol (RDP) credentials or phishing. Then the PYSA ransomware extracts sensitive information and encrypts files with the .pysa extension.
https://www.natlawreview.com/article/cyber-criminals-hone-attacks-against-schools
 
The key to interoperability: safe, secure access to patient health data
In fact, with more workforces going remote and virtual care technologies like telehealth becoming a mainstay for many providers, COVID-19 has provided new risk penetration points for cybercriminals who continue their offensive with sophisticated attacks on hospitals and health systems.
https://www.medicaleconomics.com/view/the-key-to-interoperability-safe-secure-access-to-patient-health-data
 
Data breach at Atascadero State Hospital bigger than previously reported, officials say
The additional data discovered to have been breached by the same employee consists of personal information— including addresses, phone numbers, email addresses, social security numbers, dates of birth and health information — of approximately 1,735 employees and former employees, and 1,217 DSH job applicants who never became DSH employees[.]
https://www.sanluisobispo.com/news/local/article250464701.html
 
Ryuk's Rampage Has Lessons for the Enterprise
"They're looking for experienced ransomware operators, and they have a whole set of criteria, including that they want to see a history that you're getting an average $400,000 payout," Williams said. "They haven't asked for help in the past. They have more work than they can handle."
https://www.darkreading.com/vulnerabilities---threats/ryuks-rampage-has-lessons-for-the-enterprise/a/d-id/1340533
 
Federal Financial Agencies Seek Comments on Use of Artificial Intelligence
The agencies are seeking input from the industry on a variety of topics to provide them with a more complete picture of current AI. This is part of their efforts to determine the appropriate levels and types of governance, risk management, and controls over those tools.
https://www.jdsupra.com/legalnews/federal-financial-agencies-seek-5161129/
 
Insurers Beware: Potential Impacts of New York’s Cyber Insurance Risk Framework
Not only are insurers writing cyber insurance obligated to follow the framework’s guidance, but all insurers need to evaluate their silent risk – or the risk that an insurer must cover losses from a cyber incident under a policy that does not explicitly grant or exclude cyber coverage – and take steps to reduce that exposure.
https://www.insurancejournal.com/news/east/2021/04/06/608707.htm
 
Reflecting crypto craze, crypto-related scams spiral higher in the U.K.
According to new data from the U.K.’s fraud reporting service Action Fraud, scams involving cryptocurrency investment rose 57% across the U.K. in 2020, with a total of 5,581 reports made. Investors lost a total of £113 million to crypto scammers in 2020, up from £76.6 million the previous year.
https://fortune.com/2021/04/06/crypto-scams-uk-cryptocurrency/
 
The extortion economy: Inside the shadowy world of Ransomware payouts
The haggling takes place in a chat room on the dark web. Bleicher said he doesn’t know who’s on the other side of his screen, but they already know a lot about his clients. For publicly traded companies, the hackers know annual revenues and calculate a ransom demand from there. And the hackers have total visibility into the organization: “They may have access to that company’s financials from being inside their network,” Bleicher said.
https://www.cnbc.com/2021/04/06/the-extortion-economy-inside-the-shadowy-world-of-ransomware-payouts.html
 
Cyber Resilience for IoT: What’s the Right Level of Security for Embedded Devices?
While it took decades for business networks to progress to where they have, IoT-based networks are leveraging existing networking technology to evolve at an incredible rate. This means security based on where IoT is today will be insufficient in a year or two as the technology continues to rapidly press forward and catch up to the enterprise network in functionality and complexity.
https://www.electronicdesign.com/technologies/iot/article/21160409/infineon-technologies-cyber-resilience-for-iot-whats-the-right-level-of-security-for-embedded-devices
 
House Republicans Introduce Bill for VA-Led Cyber Program
The Veterans’ Cyber Risk Awareness Act would educate veterans on risks such as “disinformation, identity theft, scams, and fraud, spread via the internet or social media.” [...] The proposed bill would create a program to educate veterans about cyber best practices and how to report cyber risks. In doing so, VA would be required to work with other Federal entities and social media companies.
https://www.meritalk.com/articles/house-republicans-introduce-bill-for-va-led-cyber-program/
 
Supply Chain Hackers Strike Hard at Government Entities
Many small cities and entities like municipal utility districts (MUDs) use proprietary software packages which are often operated by mom-and-pop developers with little concern for security. Such was the case in the Florida water plant hack. You must insist they bring their security up to par, or you find an alternative solution.
https://www.govtech.com/sponsored/Supply-Chain-Hackers-Strike-Hard-at-Government-Entities.html
 
Senators press for more on SolarWinds hack after AP report
Key lawmakers said Tuesday they're concerned they've been kept in the dark about what suspected Russian hackers stole from the federal government and they pressed Biden administration officials for more details about the scope of what's known as the SolarWinds hack.
https://spectrumlocalnews.com/nys/jamestown/ap-top-news/2021/04/06/senators-press-for-more-on-solarwinds-hack-after-ap-report0
 
Fiji IT Specialists Learn to Counter North Korean Hackers
Attendees examined the DPRK’s use of open-source intelligence to conduct reconnaissance on financial institutions before launching attacks on financial sector employees, supply chain security threats, and cyberattacks targeting SWIFT banking systems.
https://fj.usembassy.gov/fiji-it-specialists-learn-to-counter-north-korean-hackers/
 
Suspected Chinese spies cover tracks in efforts to breach Vietnamese government
The attackers executed code capable of taking full control of target computers, but they also stripped the code of digital clues that would make them easier to track. “One hypothesis we have is that one or several former Cycldek operators could have joined another team.” [...] But these are merely theories that underscore how private sector researchers are dealing with fragments when trying to hunt seemingly state-linked spies.
https://www.cyberscoop.com/china-vietnam-hacking-espionage-kaspersky/
 
Russia’s Twitter throttling may give censors never-before-seen capabilities
In an attempt to slow traffic destined to or originating from Twitter, Madory found, Russian regulators targeted t.co, the domain used to host all content shared on the site. In the process, all domains that had the string *t.co* in it (for example, Microsoft.com or reddit.com) were throttled, too.
https://arstechnica.com/gadgets/2021/04/russias-twitter-throttling-may-give-censors-never-before-seen-capabilities/
 
Industries critical to COVID-19 response suffer surge in cloud cyberattacks
Industries critical to COVID-19 management have suffered a particular uptick in cloud security incidents. According to the report, retail, manufacturing, and government entities have been struck hardest with attack attempts increasing by 402%, 230%, and 205% respectively during the pandemic.
https://www.zdnet.com/article/industries-critical-to-covid-19-response-suffer-surge-in-cloud-cyberattacks/
 
Decrypted Messages Lead to Seizure of 27 Tons of Cocaine in Europe
Authorities attributed the seizures to the alleged decryption of half a billion messages sent using Sky ECC—a now shut down encrypted phone company and network popular among drug traffickers—in early March. Belgian and Dutch authorities pointed to the decrypted messages as the catalyst for the subsequent arrests of 48 people in Belgium and 73 in the Netherlands supposedly connected to the drug trade.
https://www.vice.com/en/article/5dpnxz/decrypted-messages-lead-to-seizure-of-27-tons-of-cocaine-in-europe
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
