IT Security News Blast – 7-10-2020

Cyber-Attack Downs Alabama County’s Network

“The incident has caused a temporary disruption to the County’s computer records systems including the tag office and probate court records,” wrote Parnell. “Persons needing services provided by our various departments should check with the clerks in the particular department before coming to the courthouse to ensure that needed records are accessible.” As a result of the attack, local records required by the courthouse in the performance of its regular services have been rendered unavailable.


The Coming Cyber Pandemic: Part I

The dispersal of catastrophic power into a larger pool of potentially malicious, undisciplined hands has altered the battlespace and expanded the “fifth dimension” of global conflict—cyberspace—which defies traditional strategies of border control and national defense. In addition, the fact that cyber conflict occurs in a largely ungoverned virtual space, largely immune to international conventions of war, enhances the risk to civilian populations and collateral victims (e.g. individual citizens, private industry, etc.) and calls for an expanded view of what constitutes defending national security.


Health Care Providers Continue to Be Hit with Ransomware and Phishing

It doesn’t matter in which state you are located, how many patients you treat, what kind of medicine you practice or how many employees you have, if you are a health care provider, you are being targeted and hackers are successful in victimizing you. [...] Although we know that health care providers are being targeted, the list of incidents is sobering. The only thing that the 66 companies have in common is that they are healthcare providers and the attacks were successful. The list confirms the stark reality of the risk healthcare providers face from cyber-attacks.


How bad bots are targeting the healthcare sector

While other industries such as financial services, government and education, have been targets of APT groups in the past, since the pandemic began there has been a marked increase in the number of password spraying attacks on the medical sector with international pharmaceutical and clinical research laboratories thought to be more vulnerable to an attack due to their global reach and complex supply chains. Targets include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.


How to Secure Cloud Workloads in Healthcare

Medical applications deployed on a public cloud leveraging serverless or container services have stringent compliance requirements, such as HIPAA and GDPR. Healthcare organizations need to meet these compliance regulations in accordance with the design of the workload deployed, and enable proper certification and auditing calls for clear security controls across the entire lifecycle of the application, from development to production.


AGB, ISA, and AIG to Issue Guidance on Cyber-Risk Oversight for Board Members of Higher Education Institutions and Foundations in Wake of COVID-19

The Association of Governing Boards of Universities and Colleges (AGB), the premier organization representing higher education governance; the Internet Security Alliance (ISA), comprising chief information security officers of Fortune 100 companies across critical sectors; and American International Group, Inc. (AIG), a leading global insurance organization, today announced plans to develop a new resource on cyber-risk oversight in higher education.


Secret Service merging electronic and financial crime task forces to combat cybercrime

The new merged network of task forces, to be known as Cyber Fraud Task Forces (CFTFs), will detect, prevent and root out cyber-enabled financial crimes, such as business email compromise and ransomware scams, “with the ultimate goal of arresting and convicting the most harmful perpetrators,” the Secret Service said in a press release. The agency hopes the reorganization integrates the resources and know-how in the previous task forces.


Researchers connect Evilnum hacking group to cyberattacks against Fintech firms

As with many cyberattackers that specialize in financial targets, the aim is to infiltrate corporate networks, grab access credentials, and steal valuable financial information that can then either be used for fraudulent purchases or sold on in bulk to other criminals. [...] The emails contain a link to a .zip file hosted on Google Drive. Once extracted, malicious .LNK files will lead to decoy documents that appear to be files relating to Know Your Customer (KYC) data, such as copies of driving licenses or bills with proof of address. However, these documents will then execute a range of malicious components to compromise corporate networks.


Letter from Australia: how the government got serious on cybersecurity

Australia’s go-to cybersecurity benchmark for government organisations and critical infrastructure remains the Australian Signals Directorate’s ‘Essential Eight’, developed specifically to harden systems against malicious intrusion and compromise. [...] While it is roundly accepted that the Essential Eight are a necessary and effective security framework, actually achieving compliance is a lot harder than it sounds, which is almost certainly one of the reasons why the executive arm of the Australian government has gone on the front foot to raise awareness.


Italian and Romanian judicial authorities, with Eurojust’s support, dismantle major criminal network in financial fraud, cybercrime and money laundering

The organised crime group (OCG) dismantled today is one of the most important transnational criminal networks discovered so far in Italy, operating in financial frauds and cyber scams such as purchase of non-existing goods and services, rental fraud (fraud through the advertisement of inexistent properties to rent), computer phishing, clone-sites phishing (impersonating of a company to trigger large transfers to bogus accounts).


New DOE document names China, Russia as threats to US bulk power system

Yesterday, the Department of Energy (DOE), Office of Electricity issued a request for information (RFI) “seeking information to understand the energy industry’s current practices to identify and mitigate vulnerabilities in the supply chain for components of the bulk-power system (BPS).” [...] Unlike the executive order, the RFI explicitly names China and Russia as the biggest adversarial nation threats to the bulk power system because they both “possess highly advanced cyber programs and…both nations pose a major threat to the US government, including, but not limited to, military, diplomatic, commercial and critical infrastructures.”


Attack On Iran’s Natanz Nuclear Facility Not A Cyber Attack, But A Bomb Blast – Reports

Writing for The Hill, Simon Henderson, a veteran researcher, a fellow at the Washington Institute for Near East Policy, believes that the explosion at Natanz has put the facility out of commission, and the Islamic Republic probably doesn’t have an alternative to manufacture the advanced centrifuges. This has set back Iran’s nuclear program for months if not years. Intelligence sources from other countries have also drawn similar conclusions and cite a setback of one or two years.


‘Anything TikTok knows, assume China knows’: Experts urge Canadians to be wary of app

David Skillicorn, a professor in the School of Computing at Queen’s University in Kingston, Ont., said TikTok has had security problems since it launched, and although the company has been trying to fix it, the app is still “poorly implemented from a security perspective.” “So anything TikTok knows about, assume China knows about as well,” he said. On Monday, U.S. Secretary of State Mike Pompeo said the United States is “certainly looking at” banning TikTok, suggesting it shared information with the Chinese government.


Data Leak on Online Gambling App puts Millions of Users at Risk of Cyber Attacks

A massive data leak discovered on the technical database of popular casino gambling app Cubillion exposed daily activities and personal identifiable information of millions of users, according to vpnMentor researchers. Housed on a misconfigured Elasticsearch engine, the unprotected database recorded up to 200 million records per day (50GB), including details of technical activity of Android and iOS users around the globe.


Zoom fixing zero-day vulnerability in Windows client

“What makes this case worse is that the OS (Windows 7) involved in this latest vulnerability is one that’s no longer supported by Microsoft,” said Timothy Chiu, vice president of marketing at K2 Cyber Security. “Unsupported code has the added problem that it’s unlikely a fix will be forthcoming. In this case, Zoom may be able to fix their code, but it’s not likely any help will come from Microsoft.”


Verizon Adds Protection Against SIM Swapping Hacks in Mobile App

At the end of June, the company launched a feature called “Number Lock,” which makes it easier for users to enable protection that could potentially stop SIM swapping hacks. Verizon customers can now enable this protection directly from the “My Verizon” app and with just a tap, as Motherboard verified this week.


Advertising Plugin for WordPress Threatens Full Site Takeovers

The plugin’s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued. The bug could allow complete site takeover, earning it a 10 out of 10 on the CVSS bug-severity scale. Also, it has already been the subject of in-the-wild attacks, according to an analysis from Wordfence issued on Wednesday. That said, the firm said the attacks so far have been limited in scope and scale.


UCCS now a founding member of the Space ISAC

The Space ISAC was announced in April 2019 during a classified session at the 35th Space Symposium and is headquartered in Colorado Springs, co-located with the National Cybersecurity Center. It is a space sector-specific, member-driven organization supported by the federal government. Its members collect, analyze and disseminate cyber and physical security threats and risk mitigation information.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
