CI Security

IT Security News Blast – 11-1-2019

21 Million Logins for Top 500 Firms Offered on the Dark Web

Not all of them are fresh, though. ImmuniWeb says in a report published today that 16,055,871 of the credentials they found were compromised in the past 12 months. However, the researchers reveal a worrying statistic: "95% of the credentials contained unencrypted, or brute-forced and cracked by the attackers, plaintext passwords." Using machine learning technology, the researchers were able to determine the accuracy and reliability of the data set by cleaning it of fake leaks, duplicates and default passwords set automatically.


Researchers unearth malware that siphoned SMS texts out of telco’s network

Dubbed "Messagetap" by researchers from the Mandiant division of security firm FireEye, the recently discovered malware infects Linux servers that route SMS messages through a telecom’s network. Once in place, Messagetap monitors the network for messages containing either a preset list of phone or IMSI numbers or a preset list of keywords. Messages that meet the criteria are then XOR encoded and saved for harvesting later. FireEye said it found the malware infecting an undisclosed telecom provider.


Bipartisan bill would have local governments use .gov to strengthen cybersecurity defenses

The DOTGOV Online Trust in Government Act of 2019 introduced by Senators James Lankford, R-Okla., Gary Peters, D-Mich., Ron Johnson, R-Wis., and Amy Klobuchar, D-Minn., charges the Department of Homeland Security (DHS) to put resources toward helping local governments switch to .gov web addresses already used at the federal and state levels. “When official government websites use the .gov domain instead of alternatives like .us or .com, it makes those government websites and email addresses more secure[.]”


HHS Updates Security Risk Assessment Tool

The Security Risk Assessment Tool, Version 3.1 was jointly developed by HHS' Office for Civil Rights, which enforces HIPAA, and the Office of the National Coordinator for Health Information Technology, which promotes the adoption of health IT and secure national health information exchange. The tool is primarily designed to aid small and midsized healthcare organizations in their efforts to assess security risks to help reduce the chance of being affected by malware, ransomware, and other cyberattacks, HHS says in a statement.


Tripwire, HITRUST partner on compliance standards

The HITRUST CSF is designed to enable healthcare organizations to achieve compliance with various standards such as NIST, CIS, and HIPAA by providing a single overarching framework. Paired with HITRUST CSF, Tripwire aims to offer broader platform support, better agentless and agent-based discovery, advanced reporting, and step-by-step remediation guidance.


F5 Labs 2019 Phishing and Fraud Report with CI Security

CI Security collaborated with F5 Labs in their newest report, the 2019 Phishing and Fraud Report, with research provided by our Critical Insight Security Operations Centers. CI Security co-founder and CTO Mike Simon shared what phishing attacks look like when detected by the security analysts trained to catch them, and recommended strategies to defend against phishing campaigns. Read what Mike had to say about phishing and get the link to download the F5 report.


No end to credit unions' cyber woes

With the onset of more devices connecting to the internet, attacks that were once unimaginable, like hackers stealing data through a fish tank, have become reality. As a result, credit unions will have a harder time defending themselves against cybercriminals. “We’re trying to move to a more automated approach in identifying threats and pointing out to human beings what to look at,” said Rob Hoyle, chief information officer at the $971 million-asset Credit Union of America in Wichita, Kan. “That will play into the 5G conversation pretty significantly.”


Is cyber insurance encouraging cyberattacks?

If for some reason the extortionist doesn’t return the decryption keys and make good on their promise to restore a firm’s network, resulting in a business’s operations coming to a halt, part of the resiliency offered by cyber insurance is the financial risk transfer element that prevents expenses from piling up and draining a company’s pockets.


What cybersecurity risks do financial advisors face?

While it’s easy to hide behind your computer and turn a blind eye to cybersecurity, the truth is in the statistics. These risks exist for everyone, not just those big-name businesses you see falling victim on the news. Just look at these eye-opening statistics:

  • 43% of cyber attacks specifically target small businesses
  • 60% of small businesses go out of business within 6 months of a cyber attack
  • The average global cost of cyber crime is increasing by more than 27% per year


Ransomware attack on TrialWorks is one of 13 on MSPs and cloud-service providers in 2019

The Coral Gables, Florida-based company, which serves roughly 2,500 clients, was attacked back on Oct. 13, but reports of the incident only began to surface this week. According to a BleepingComputer report, TrialWorks did not acknowledge the attack in a public announcement, but did notify customers via email and assured them it was “actively decrypting and restoring data,” which suggests the ransom was paid. While the ransomware used in the attack was not revealed, the report further notes that the incident resembled a past Sodinokibi attack against the solutions provider Digital Dental Record (DDS).


Russian Hackers Now Piggybacking on Exploits of Iranian Hackers

What’s important to note here is that the Russian hacking group known as Turla was not just imitating the tactics and techniques of the Iranian hackers known as OilRig – they were literally breaking into the IT infrastructure of these hackers, co-opting their hacking tools, and taking over their servers in order to carry out their attacks. The upshot of all this, of course, is that cyber attacks originally attributed to the Iranians might actually be the work of the Russians.


Chinese hackers had access to entire network's text messages

An elite Chinese hacking group which broke into telecommunications companies was able to access the entire network's text messages and search them for intelligence material, according to a new report. The state-sponsored campaign involved the hackers, known as APT41, deploying malware on companies' SMS servers which handle text messages. This malware scanned through the servers searching for messages connected to specific phone numbers and IMSI (international mobile subscriber identity) numbers which uniquely identify network users.



Police in Mongolia have arrested 800 Chinese citizens as part of a major probe into cyber crime. Raids in the capital of Ulaanbaatar on Tuesday also resulted in computer equipment and mobile phones being seized by authorities. Gerel Dorjpalam, who heads Mongolia’s General Intelligence Agency, said those apprehended are suspected of crimes ranging from fraud and identity theft, to money laundering and computer hacking.


Russia Is About to Disconnect From the Internet: What That Means

On Nov. 1, Russia is poised to disconnect from the internet—in theory. [...] Russia has reportedly spent about $300 million on its sovereign internet plan. But while the country has restricted access to certain services in recent years—from VPNs to encrypted messaging apps—Henthorn-Iwane says it's unlikely the Russian government will be able to exert on its citizens the level of control China has accomplished with its Great Firewall by Nov. 1.


Surveillance Is the Business Model of the Internet. What's Coming Next?

The fact is, despite their power to pry, spies and cops are the wrong suspects to consider for making Orwell's "Super State" come true. What intelligence and law enforcement pull in about Americans pales beside the reach of Big Tech, now making big money playing 1984's Big Brother role. Bad press or not, Facebook, Google, the media conglomerates, as well as the middlemen who purvey Americans' personal data also couldn't be happier. They see dramatically growing opportunities in hoovering up and selling Americans' information. Their business forecasts show why.


ACLU sues feds to get information about facial-recognition programs

The records are "important to assist the public in understanding the government's use of highly invasive biometric identification and tracking technologies," says the complaint, filed in federal court in Massachusetts. Through the records, the ACLU seeks to "understand and inform the public about, among other things, how face recognition and other biometric identification technologies are currently being used by the government and what, if any, safeguards are currently in place to prevent their abuse and protect core constitutional rights."


32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant

A newly discovered variant of the Gafgyt Internet of Things (IoT) botnet is attempting to infect connected devices, specifically small office and home wireless routers from brands that include Zyxel, Huawei, and Realtek. [...] "The difference with this one is the developers added a new vulnerability to it that wasn't present in the previous one," Miller-Osborn says. "That added to its potential reach." Shodan scans indicate at least 32,000 Wi-Fi routers are potentially vulnerable to these exploits.


Microsoft Users Hit with Phishing Kits Hosted on Thousands of Domains

6,035 domains were used to host 120 phishing kit variants according to Akamai’s 2019 State of the Internet / Security Report, with users and employees of high tech companies being the ones most attacked. "Following that, financial services, with 3,658 domains and 83 kit variants, was the second most-targeted industry," Akamai says. "E-Commerce (1,979 domains, 19 kit variants) and media (650 domains, 19 kit variants) rounded out the list. In all, more than 60 global brands were targeted during the reporting period."


Australian government proposes facial recognition system to verify age for internet pornography

But the plans are unlikely to go far for now. Parliament first needs to approve a central database holding the matching biometric data. Concerns over privacy safeguards have so far blocked the relevant legislation. The facial recognition proposals in Australia come after the UK dropped its plans earlier this month to require age-verification for online pornography, with the government citing technical gaps.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
