Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 7-6-2020

F5 patches vulnerability that received a CVSS 10 severity score

The bug is a so-called "remote code execution" vulnerability in BIG-IP's management interface, known as TMUI (Traffic Management User Interface). Attackers can exploit this bug over the internet to gain access to the TMUI component, which runs on top of a Tomcat server on BIG-IP's Linux-based operating system. Hackers don't need valid credentials to attack devices, and a successful exploit can allow intruders to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code -- and eventually lead to attackers gaining full control over the BIG-IP device.


NetWalker ransomware group claims attack on Fort Worth transportation agency

“Due to a technical issue we experienced this morning, all of our phone lines are down including our customer service line and ACCESS booking system,” Trinity Metro said in a July 1 website notification. [...] The post on NetWalker gang’s dump website lists more than 200 Trinity Metro folders containing information that was apparently exfiltrated from the agency before its systems were disrupted. This development is in keeping with a recent strategy adopted by certain ransomware extortion groups: not only to encrypt files and incapacitate business systems, but also to steal data and threaten to publish it if they do not receive payment.


Schools already struggled with cybersecurity. Then came COVID-19

If these systems are set up without proper authentication and controls, any of them can potentially become vectors for attack. And tools to access school networks remotely, including VPNs and Remote Desktop Protocol, can be abused by attackers to gain unauthorized access to sensitive systems. Last week, the Federal Bureau of Investigation issued a security alert about the threat of ransomware to schools amidst the COVID-19 crisis. "K-12 institutions have limited resources to dedicate to network defense, leaving them vulnerable to cyber attacks,


DHS CISA Alerts to OpenClinic GA Hospital Management System Flaws

Three of the disclosed vulnerabilities found in OpenClinic GA versions 5.09.02 and 5.89.05b have been ranked critical and six are ranked high severity. According to the alert, an attacker with a low skill level could exploit the flaws remotely. Public exploits are already available. “Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view or manipulate restricted database information, and/or execute malicious code,” CISA explained.


Every HIPAA Waiver Has Its Thorn

The HIPAA Waiver has enabled many providers to immediately leverage these technologies to render services via telehealth for the first time, without the need to expend significant resources to quickly ramp up a HIPAA-compliant telehealth platform. A summary of the HIPAA Waiver can be found in a recent blog post. While the HIPAA Waiver applies only temporarily, it is likely that the increased reliance on telehealth evidenced over the past three months is here to stay.


How Ekans Ransomware Targets Industrial Control Systems

"In addition to the usual set of processes, Snake and some versions of Megacortex also attempt to end processes associated with ICS to free up even more files for encryption," Callow tells Information Security Media Group. "So, it's not really designed to attack ICS as such; it's simply designed to encrypt as much data as possible. If an actor actually wanted to attack ICS, there'd be far more effective ways to do it than the very rudimentary approach taken by Snake. In other words, Snake isn't Stuxnet II; it's vanilla ransomware."


Security Think Tank: AI cyber attacks will be a step-change for criminals

Seymour and Tully’s SNAP_R (Social Media Automated Phishing and Reconnaissance) provides an example of a simple but elegant AI-based attack. AI’s ability to analyse large amounts of data at pace means many of these attacks are likely to be uniquely tailored to a specific organisation. These kinds of highly sophisticated cyber attacks, executed by professional criminal networks leveraging AI and machine learning, will enable attacks to be mounted at a speed and thoroughness that will overwhelm an organisation’s IT security capabilities.


CCPA compliance lags as enforcement begins in earnest

A recent poll by ArcTrust revealed that as of June 2020 just 14% of companies were completely done with CCPA compliance, while another 15% have a plan but haven’t started implementation. This leaves an additional 71% of companies whose plans for CCPA compliance are unaccounted for. These numbers, while large, might not be all that surprising as only 28% of firms were compliant with GDPR over a year after it went into effect, with companies greatly underestimating what it would take to be compliant.


How Will The World Look Like In 2025 And The Future Of Cybersecurity

There will be an exponential explosion of data volume and typical use cases. Thus, the line separating the responsibilities of IT security teams and the regulatory frameworks will blur by 2025. GDPR (General Data Protection Regulation) is a robust regulatory framework that advocates for consumer rights, accountability obligations, and restrictions on the international flow of data. The rapid advancement in the use of AI and ML technologies will make the process trickier.


Nigerian National Coming to LA to Face Money Laundering, Cybercrime Charges

The affidavit describes BEC schemes as often involving a computer hacker gaining unauthorized access to a business' email account, blocking or redirecting communications to and/or from that email account, and then using the compromised email account or a separate fraudulent email account to communicate with personnel from a victim company and to attempt to trick them into making an unauthorized wire transfer.


Iran threatens retaliation after what it calls possible cyber attack on nuclear site

“Responding to cyber attacks is part of the country’s defence might. If it is proven that our country has been targeted by a cyber attack, we will respond,” civil defence chief Gholamreza Jalali told state TV late on Thursday. An article issued on Thursday by state news agency IRNA addressed what it called the possibility of sabotage by enemies such as Israel and the United States, although it stopped short of accusing either directly.


EncroChat Hacked by Police

Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe. Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever[.]


Security News This Week: The Encryption-Busting EARN IT Act Advances in the Senate

The bill also comes as the Department of Justice ramps up its campaign to demand that tech companies provide encryption backdoors for law enforcement access. EARN IT was amended this week, but privacy advocates say that it still poses a substantial threat to encryption. The highly regarded end-to-end encrypted chat app Signal announced at the beginning of April that it would be forced to exit the US market if the EARN IT Act becomes law.


DuckDuckGo collecting user browsing data without consent (Updated)

The issue starts with the fact that the search engine stores the favicons (the icons displayed on browser tabs) of websites on one of its own servers. So, say you happen to visit a website: DuckDuckGo’s Android browser would request that site’s favicon from DuckDuckGo’s server, transmitting the user’s browsing data to that server in the process without asking the user.


Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

New research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely. [...] [The] flaws grant "an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine."


Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign

The security vendor last week had reported discovering "SocGholish," a JavaScript-based malware masquerading as a software update, on networks belonging to at least 31 major enterprise customers. A Russia-based group called Evil Corp. is using the malware as part of an attack sequence to download a new ransomware strain called WastedLocker on target networks, Symantec had noted. Among the Symantec customers impacted in the campaign are 11 publicly listed organizations, including eight in the Fortune 500 list.


Remote Work Pushes Brute-Force Attacks Higher

Security firm ESET reports an uptick in the number of unique clients who reported brute-force attack attempts in recent weeks. Most of these are attempts to exploit Windows’ remote desktop protocol (RDP), which is used by network administrators to remotely manage Windows systems. “Despite the increasing importance of RDP (as well as other remote access services), organizations often neglect its settings and protection[.] Employees use easy-to-guess passwords, and with no additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems.”


Infosec community debates changing ‘Black Hat’ terminology

A Google security researcher has chosen to withdraw from speaking at the Black Hat security conference this year and has asked the information security community to stop using the terms “black hat” and “white hat”, as reported by ZDNet. [...] “I’ve decided to withdraw from speaking at Black Hat USA 2020,” Kleidermacher wrote on Twitter. “Black hat and white hat are terms that need to change. This has nothing to do with their original meaning… These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias.”


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.



© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337
