Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-13-2020

Microsoft takes down massive hacking operation that could have affected the election

Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot's servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.


Tyler Technologies paid ransomware gang for decryption key

RansomExx is also known to steal data before encrypting devices on a network. The ransomware operators then threaten to release this stolen data unless a victim pays the ransom. As many school districts, court systems, and local and state governments in the United States are Tyler Technologies customers, the risk of the public leaking of sensitive information and source code is concerning.


Ransomware Attacks Take On New Urgency Ahead of Vote

That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results. [...] Just a few well-placed ransomware attacks, in key battleground states, could create the impression that voters everywhere would not be able to cast their ballots or that the ballots could not be accurately counted — what the cybersecurity world calls a “perception hack.”


A 7-Step Cybersecurity Plan for Healthcare Organizations [Slideshow]

"The hackers are businessmen, and for them time is money," says Torsten George, cybersecurity evangelist at Centrify. "It's much more difficult to make money on a DDoS attack. They would have to do the attack and press for a ransom. Overall, the medical world has done well on the administrative side of technology, but I worry more about the vulnerabilities in antiquated firmware in old medical equipment, such as ventilators and heart pumps.”


How to build up cybersecurity for medical devices

Healthcare delivery organizations have started demanding better security from medical device manufacturers (MDMs), he says, and many have implemented secure procurement processes and contract language for MDMs that address the cybersecurity of the device itself, secure installation, cybersecurity support for the life of the product in the field, liability for breaches caused by a device not following current best practice, ongoing support for events in the field, and so on.


Why employees violate security policies

“Physicians, who are dealing with emergency situations constantly, were more likely to leave a workstation unlocked. They were more worried about the immediate care of a patient than the possible risk of a data breach.” [...] Because each subculture responds differently to the blanket security policies, security teams should identify and consult with each subculture to develop more effective ISPs that introduce less friction. In a hospital, for example, touchless, proximity-based authentication could lock or unlock workstations when an employee approaches or leaves a workstation, Sarkar suggested.


Budget and Hiring Practices Hinder Cities’ Cybersecurity Efforts [Subscription]

“The chief of information security, insofar as that person exists, doesn’t really have the authority to reach into all of those places and make change,” he said, speaking to reporters Thursday during a video call hosted by CI Security. “You can suggest real hard, you can create policy that is to be applied consistently across the enterprise, but it turns out to be really tough to do.”


Limiting business liabilities through a new era of protective intelligence

Protective intelligence forecasts, identifies, and assesses threats in near real-time so that security teams can take appropriate measures to avoid and alleviate them. Companies can reduce the risk of violence if a threat can be detected, evaluated, and rendered harmless before execution. The most significant benefit of the art of protective intelligence is the ability to be proactive and prevent incidents before they occur, instead of reacting to a situation as it unfolds.


Container shipping group CMA CGM resumes online services after cyber attack

CMA CGM, the world's fourth-largest container shipping group, said it has restored its online business services after a cyber attack last month paralysed activity. France-based CMA CGM first reported the incident on Sept 28, saying it had shut down access to its online services after malware targeted its peripheral servers.


In the Age of Coronavirus, Infectious Disease Isn’t the Top Business Risk in the US; Cyber Attacks Are

While the world sees cyber attacks as the fourth-greatest business risk at present and in the coming years, 55% of US business leaders saw it as their biggest problem in the near future. This is not to say that the rest of the world is at substantially less risk than the US; Europe reported cyber attacks as the second-greatest concern and the UK joined the US in naming it as the biggest immediate challenge.


Sedona Conference Proposes Legal Test for “Reasonable Security”

The proposed test is of use not only to adjudicators tasked with applying the nebulous “reasonable security” requirement, but also to businesses and other entities seeking to assess whether they pass the requirement. The Commentary explains that its proposed test is designed to be consistent with models for determining “reasonableness” that have been used in various other contexts by courts, in legislative and regulatory oversight, and in information security control frameworks.


Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch

The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location, taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot.


Currently, the EU is unclear about the amount of evidence and the threshold required for public attribution and proportionate responses. At what point does malicious behaviour constitute a cyber attack and, if so, how much evidence is required for the attack to be attributed and sanctions imposed? The EU may consider whether the intelligence provided by the intelligence bureaus of member states affected by attacks is of a specific threshold, following which cyber sanctions can be considered.


Establishing zero-trust cybersecurity comes with challenges for Pentagon IT leadership

Mass telework introduced increased risk as personnel used home networks and personal devices to perform work through the Commercial Virtual Remote Environment, a platform the DoD stood up in response to remote work. That capability now has more than 1 million users, and the DoD wants to boost its cybersecurity level in the coming months to allow for more sensitive work as telework continues.


China's "Unreliable Entity List" Will Be In A Dilemma When Multinational Companies Respond To US Sanctions And "Long-Arm Enforcement"

The inter-departmental task force has not yet been established, but it will have extensive powers to investigate the behavior of foreign entities to determine whether they need to be included in the entity list. How the task force obtains records from foreign entities located overseas and the scope of the records are still open for discussion. At present, the Chinese authorities have not established a mechanism similar to the US authorities’ overseas summoning powers for obtaining overseas records of foreign entities.


Why You Should Stop Using SMS Security Codes—Even On Apple iMessage

“The SMS protocol—over 30 years old now,” it says, “is susceptible to man-in-the-middle attacks, social engineering and SIM swapping.” Forrester suggests third-party password replacement, advanced analytics, single sign-on and physical keys. Feasible for enterprises—albeit with a cost, training, support and user acceptance overhead, but hardly feasible for private users.


Next generation controls for information systems and organizations now includes key focus on privacy

800-53 R5 will continue to contain security and privacy controls, and baselines, tailoring guidance, and mapping tables have been moved to a new publication, 800-53B[.] [...] It also moves the privacy controls from an appendix (In 800-53 R4, privacy controls were detailed in Appendix J) into the main catalog by integrating them with relevant security controls and creating a new Privacy control family[.]


How to Properly Remove Nudes from Your Phone

Before passing your phone on to a new owner, read our guide for both Apple and Android users – and protect your rash from getting into the wrong hands, so to speak. If you have an iPhone, you're in luck. Even six-year-old iPhones can earn you about £100. And if you still have the original box, it’s weirdly worth more.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
