Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-19-2021

ICYMI: [New Report] The 2020 Healthcare Data Breach Data Report by CI Security
We spent weeks combing through the data to better understand the trends - and we discovered cyber criminals went after different targets in order to steal more records. BONUS: Check out the video replay of Wednesday's panel hosted by healthcare security experts Drex DeFord and Nathan Wright, where healthcare IT and InfoSec leaders discussed the report’s findings and shared strategies to strengthen healthcare security in 2021.
[Podcast] Becoming a CISO: Many Paths to Success
Before he became CISO for the city of Seattle, Hamilton was an ocean scientist, created and sold firewalls, served as a managing consultant for VeriSign and a senior principal consultant for Guardent, and was vice chair for the Department of Homeland Security's State, Local, Tribal, and Territorial Government Coordinating Council. He said his diverse experience helped prepare him for the demanding role of CISO.
Kia Reportedly Under Ransomware Attack With $20M Demand
A group of hackers attacked Kia Motors America and subjected the automaker to ransomware that has allegedly shut down vital services like its UVO Link apps, payment system, and the sites that dealers use, according to Bleeping Computer. The hackers are requesting 404.5833 bitcoin to decrypt the data, and at current values, this is equivalent to $20,899,559.53.
CIS launches no-cost ransomware service for U.S. hospitals
The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity vendor Akamai to proactively identify, block and mitigate targeted threats.
Breaches Cost US Healthcare Organizations $13bn in 2020
Although the number of victims dropped slightly from the 27.5 million recorded in 2019, the average cost per breached record increased from $429 to $499 over the period. That means healthcare organizations were on the hook for $13.2bn as a result of breaches last year. The sector also comes top of IBM's Cost of a Data Breach list, with an average of over $7.1m per breach.
What financial services should learn from the SolarWinds cyber attack
When speaking to the board, cyber teams need to be honest about the risk, and report this in a clear and granular manner. If the board is investing in cyber security, it wants to see its risk profile going down in line with increased spend. If the firm’s risk is always “high” despite constant investment, it will simply breed cyber-lethargy.
Utilities and Cybersecurity: Keeping the Lights On – Both On and Offline
The challenge is that many of these utility organizations have limited resources and budget to implement cybersecurity policies that are needed to protect their systems. When a retail organization has an incident that impacts their sales, people can get annoyed because they can’t buy their shoes. If a power grid gets hacked – it can take people’s living conditions away. Very big difference here.
New York regulator issues cyber insurance risk framework with implications for insurers and insureds

  • the rapid expansion of cyber insurance in the marketplace, which in the United States is expected to grow from $3.15 billion in 2019 to more than $20 billion in 2025;
  • challenges in pricing cyber risk coverage appropriately; and
  • evolving cyber threats, including an increase in business email compromises and ransomware events and the possibility of more significant events more broadly impacting the supply chain and associated companies.
The SolarWinds hackers could be in US government computers for a long time. Here’s our next move
Defend forward is the only reasonable way to deal with what the Center for Strategic and International Studies called “irregular warfare.” China, Russia, Iran, and the United States are constantly prodding and poking each other’s systems, networks, and data. The asymmetric nature of information operations—that is the scrappy, unpredictable, and varying tactics involved in cyber warfare–necessitates active engagement.
CISA eyes changes to combat future supply chain hacks
Wales' comments come the day after Anne Neuberger, the deputy national security advisor for cyber and emerging technology, said the White House is planning "executive action" both to mitigate the damage done by the breach involving SolarWinds Orion as well as options for a response against those responsible.
Key weapons programs need new cyber requirements, IG finds
All five programs are considered to be in the final stages of their acquisition lifecycle in which the technology has been proven and requires sustainment until it is retired. The cybersecurity threat to the Pentagon's weapon systems is exacerbated by the age of its programs, which were designed years and even decades before modern cyber capabilities were developed.
Officials fear Iran may try to poison Israel's water, country unprepared
Israel is currently preparing for a widespread cyber attack by Iran, given the fear that the Islamic Republic will try to poison the drinking water, Ynet reported. Following the meeting, Steinitz issued an urgent directive to the Water Authority to take immediate action to raise its level of preparedness, Ynet reported.
Estonian Intelligence: Russians will develop deepfake threats
“This threat will be particularly high once technological development reaches a level where deepfakes are convincing enough to be unrecognisable to the human eye,” it adds, also noting that this will present challenges in the future in terms of the ability of the public to distinguish between true and false information.
Federal Court Refuses to Approve Settlement in Data Privacy Litigation, Finding “Substantial Questions” Regarding Plaintiffs’ Capacity to Sue
The court faulted the parties for not addressing Plaintiffs’ standing in seeking approval of the settlement, particularly as Plaintiffs’ counsel in this case were also involved in the Tsao litigation.  However, the court did not close the door completely on signing off on the settlement down the road.
QNAP patches critical vulnerability in Surveillance Station NAS app
The critical security flaw patched today by QNAP is a stack-based buffer overflow vulnerability impacting QNAP NAS devices running Surveillance Station. "If exploited, this vulnerability allows attackers to execute arbitrary code," QNAP explains in a security advisory from today.
Proofpoint sues Facebook over dummy sites used for anti-phishing training
Proofpoint argues it is not confusing, noting in the suit that it has used the domain in “good faith” and for legitimate purposes. Proofpoint notes it alerts customers to the fact that the look-alike domains are just a test, not actual company domains and that the customers are not actually being targeted in a criminal scheme.
These self-sufficient robots can have ‘babies’ and colonize distant planets
As depicted above, robots will be “born” through the use of 3D manufacturing. We use a new kind of hybrid hardware-software evolutionary architecture for design. That means that every physical robot has a digital clone. Physical robots are performance-tested in real-world environments, while their digital clones enter a software program, where they undergo rapid simulated evolution.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 

Add this Email to Your Address Book