CI Security

IT Security News Blast – 2-6-2020

FBI ‘Drive-By’ Hacking Warning Just Got Real: Here’s How This Malicious New Threat Works

And in that instant, tens of millions of smart bulbs had been proven vulnerable. On the surface this flaw is about the way in which Philips Hue implemented Zigbee. Vulnerabilities with Philips Hue connected lightbulbs have been reported before; the issue here is jumping from the lightbulb to the bridge and from the bridge to the network. In its report, Check Point says it “used the lightbulb as a platform to take over the bulbs’ control bridge completely.”

https://www.forbes.com/sites/zakdoffman/2020/02/05/fbi-drive-by-hacking-warning-just-got-real-heres-how-this-malicious-new-threat-works/#6fcc81095017

 

FBI warns of DDoS attack on state-level voter registration website

The agency said that DNS requests occurred every two hours or so over at least a month “with request frequency peaking around 200,000 DNS requests during a period of time when less than 15,000 requests were typical for the targeted website.” The DNS requests came from source IP addresses that belonged to recursive DNS servers, which obfuscated “the originating host(s) or attacker, and were largely for non-existent subdomains of the targeted website,” the warning said, noting that in a three-minute window in one sample “24 IP addresses used by recursive DNS servers made 2,121 DNS requests.”

https://www.scmagazine.com/home/security-news/fbi-warns-of-ddos-attack-on-state-level-voter-registration-website/

 

Malware Destroys Data of 30,000 Fondren Orthopedic Patients

The provider took steps to restore the system and launched an investigation, which determined there was no evidence the medical or personal data was accessed or exfiltrated during the attack. However, some patient records were permanently damaged during the cyberattack. The records included patient names, contact details, diagnoses, treatment information, and health insurance data. As a result, patients will need to prepare new patient forms that include medical history, when visiting the provider in the future.

https://healthitsecurity.com/news/malware-destroys-data-of-30000-fondren-orthopedic-patients

 

Data exchange and cybersecurity

Too many companies opt to create their own siloed software ecosystems, refusing to take into consideration how the plumbing in their products might operate within a more diverse information environment. Instead of fighting to provide the best customer service or user experience, many are instead opting to make it harder for their products to communicate with systems designed by competitors.

https://fcw.com/articles/2020/02/05/interop-cyber-nist-johnson.aspx

 

Healthcare in 2020: What you need to know

“The rapid growth of Internet of Medical Things (IoMT) over the last few years has brought huge benefits to medical organisations and their patients alike. However, creating increasingly connected environments also brings new risks as cyber criminals try and exploit device and network vulnerabilities to wreak havoc. In fact, our recent global survey found that 1 in 5 healthcare IT professionals are unsure if every medical device on the network has all the latest software patches installed - creating a porous security infrastructure that can easily be bypassed.

https://www.med-technews.com/features/healthcare-in-2020-what-you-need-to-know/

 

Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers

It appears to be the first time a cyber attack triggered a formal covenant violation, according to research firm Municipal Market Analytics. [...] Because of the attack, the hospital was forced to spend about $1 million on new computer equipment and infrastructure improvements, Gilliland said. That cost, along with declining patient volume, caused the hospital’s debt service coverage for the fiscal year that ended on Sept. 30 to fall to 78%, below the 120% the loan agreement requires, according to the material notice to bondholders.

https://finance.yahoo.com/news/ransomware-attack-hospital-shows-risk-151109935.html

 

Enforcement of the NYDFS Cybersecurity Regulation Coming in the Near Future

The Cybersecurity Regulation is nearly three years old now, but for businesses that are not fully up to speed the consequences may soon be serious in light of anticipated enforcement activity. [...] While the DFS has yet to impose a fine for inadequate cybersecurity compliance, this year may mark the beginning of more vigorous enforcement. This post provides an overview of the Cybersecurity Regulation for purposes of informing Covered Entities of certain notable requirements.

https://www.natlawreview.com/article/enforcement-nydfs-cybersecurity-regulation-coming-near-future

 

Key Information on Identity Management For Financial Organizations

Namely, finance businesses need to contend with specific and complex regulatory compliance mandates; these include the Bank Secrecy Act, the Fair Accurate Credit Transactions Act, and the Financial Crimes Enforcement Network. Additionally, IAM for financial enterprises requires dealing with the consequences of digital transformation and other technology evolutions. Of course, these include cloud services, but also include innovations including the Internet of Things (IoT) and mobile devices.

https://solutionsreview.com/identity-management/key-information-on-identity-management-for-financial-organizations/

 

Report: Ransomware costs doubles year-over-year

The average cost of ransomware attacks in the fourth quarter of 2019 reached $84,116 – reflecting a staggering 104% increase from $41,198 in Q4 2018, a report from cyber incident response firm Coveware has found. The cybersecurity firm noted in its report that, typically, the total cost of a ransomware attack includes the ransom payment (if one is made), network and hardware remediation costs, the organization’s lost revenue due to business interruption, and costs related to brand damage.

https://www.insurancebusinessmag.com/us/news/cyber/report-ransomware-costs-doubles-yearoveryear-212627.aspx

 

More Cloud, More Hacks: Panic Or “Keep Calm And Carry On”?

Packed with extraordinary computational power, the application of quantum computing holds untold potential in commercial, research and government use cases. However, this same potential has caught the interest of next-wave hackers that see the possibilities to crack algorithms, encryption and complex cryptographies in a simple matter of seconds.

https://www.forbes.com/sites/emilsayegh/2020/02/05/more-cloud-more-hacks-pt-1/#2f52ef653e58

 

Officials worry Iran will target defense contractors with cyberattacks

“The risk is pretty high,” Kendrick said of proxies getting involved. “Iranian proxies are going to feel the need to draw attention to themselves.” Further muddling attribution, other countries could even mask their own attacks to look like Iran, particularly Russia and its “wiley cat” leader, Vladimir Putin, Kendrick said. “They are not going away anytime soon,” Kendrick said of proxy attacks. “Tune your sensors to the proxies.”

https://www.fedscoop.com/iran-cyber-attack-dod-contractors/

 

Russia Unleashes New Weapons In Its ‘Cyber Attack Testing Ground’: Report

Kremez is using his report to call out an escalation in cyber espionage attacks on strategic Ukrainian targets—security, military and government related. The attacks are using newly modified Windows malware, likely to be the “preparatory stage” for a full cyber attack. Malware that is designed to collect and return data, seeking instructions from a remote command and control server. The new report claims this cyber campaign has now hit as many as five thousand “unique” entities in Ukraine.

https://www.forbes.com/sites/zakdoffman/2020/02/05/russia-unleashes-new-weapons-in-its-cyber-attack-testing-ground-report/#5a7a08d25ce5

 

Friendly Fire: The No. 1 Threat to America's Election Cybersecurity

One study of poll workers in California reported several such breaches of standard operating procedures, including leaving a memory card with vote totals at the polling site at the end of the day and leaving the door to a ballot box unlocked. A majority of poll workers are older than 60, which is unsurprising given that most people under that age are too busy with work or school to take off the time. And without proper training, many older poll workers lack an adept understanding of technology and cybersecurity. This leads to an insecure voting environment.

https://www.governing.com/security/Friendly-Fire-The-No-1-Threat-to-Americas-Election-Cybersecurity.html

 

YouTube stresses deepfake ban

Ahead of the Iowa caucuses – and the chaos that ensued after an app failed – YouTube reminded its community that deepfake videos – and other misleading videos aimed at voters that pose “serious risk of egregious harm” – are banned and will be removed. Viewers won’t see birtherism videos or any other footage that falsely suggests that candidates aren’t eligible to run.

https://www.scmagazine.com/home/security-news/youtube-stresses-deepfake-ban/

 

The Iowa mess and what it means for cyber

Signs point to poor code vetting and other problems rather than hacking, even if it’s hard right now to draw firm conclusions on the latter. Eric and Steven Overly separately warned of other potential election tech foibles ahead in 2020. Motherboard got a look at the app itself, and it wasn’t pretty. The company that made the app, Shadow Inc., apologized, even as there was yet more evidence of insufficient testing. And Nevada Democrats said they wouldn’t use the same app later this month.

https://www.politico.com/newsletters/morning-cybersecurity/2020/02/05/the-iowa-mess-and-what-it-means-for-cyber-785075

 

Google Quits Cookies As Data Privacy Regs Show Fangs

Somewhat in spin control mode, Google caused a collective gasp when it announced that its Chrome browser – No. 1 in the world – would stop allowing third-party cookies by 2022. And what does the world look like without cookies? No one is sure, but publishers and marketers may not like it, according to one Google blog post, leaving the web giant and others to propose “privacy sandboxes” to save the ad-supported internet without stalking consumers.

https://www.pymnts.com/safety-and-security/2020/google-quits-cookies-amid-data-privacy-regs/

 

Malware stew cooked up on Bitbucket, deployed in attacks worldwide

When legitimate hosting services are abused -- including Google Drive, GitHub, and Dropbox -- it is usually a quick affair to have users reported and malicious files removed, but in this case, the cybersecurity firm says that an array of user profiles are in use and are being updated regularly, sometimes as often as every hour, in order to avoid disrupting criminal operations. According to the report, over 500,000 machines have been infected by malware used in this campaign so far -- and the attacks show no signs of stopping.

https://www.zdnet.com/article/malware-stew-cooked-up-on-bitbucket-deployed-in-attacks-worldwide/

 

Serious flaw that lurked in sudo for 9 years hands over root privileges

“Exploiting the bug does not require sudo permissions, merely that pwfeedback be enabled,” an advisory published by sudo developers said. “The bug can be reproduced by passing a large input to sudo via a pipe when it prompts for a password. An example of exploit code is:

    $ perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id

    Password: Segmentation fault

https://arstechnica.com/information-technology/2020/02/serious-flaw-that-lurked-in-sudo-for-9-years-finally-gets-a-patch/

 

Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation

CDP is a Cisco proprietary Layer 2 network protocol that is used to discover information about locally attached Cisco equipment. CDP aids in mapping the presence of other Cisco products in the network and is implemented in virtually all Cisco products – including switches, routers, IP phones and IP cameras. Many of these devices cannot work properly without CDP, and do not offer the ability to turn it off, according to researchers.

https://threatpost.com/critical-cisco-cdpwn-flaws-network-segmentation/152546/

 

Here Is a Link to the App that Blew Up the Iowa Caucus

What we are publishing is an inert app that is no longer being used for an election, that the DNC has stated will not be used in future elections, and that is no longer connected to backend servers or services. But app developers, security researchers, election officials, and politicians can still learn from the shortcomings of this app's design to help inform future decisions about the use of internet-connected apps and voting machines.

https://www.vice.com/en_us/article/z3b3g9/here-is-a-link-to-the-shadow-inc-app-that-blew-up-the-iowa-caucus



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.
