Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 1-21-2021

Microsoft details how SolarWinds hackers hid their espionage
The attackers “apparently deem[ed] the powerful SolarWinds backdoor too valuable to lose in case of discovery,” Microsoft researchers said in its latest blog post. And so the spies ensured that the malicious code they used to move through victim organization was “completely disconnected from the SolarWinds process,” the researchers said.
Trump issues last-minute order targeting foreign cyber threats
Donald Trump issued an executive order on the final night of his presidency aimed at forcing cloud providers to capture more complete records about foreign customers. [...] To address those threats, the EO states, the government will move to require cloud providers to keep more complete records of foreign entities that they sell to and potentially require companies to limit "certain foreign actors’" access.
Balancing digitalized healthcare services and data security
Vendors, insurers and other third parties are not only partners in providing quality healthcare services but also in protecting a healthcare organisation’s critical and sensitive medical resources. It is crucial to secure third-party access and ensure that third-party identities are properly governed within the healthcare organisation’s security parameters.
OCR Lifts HIPAA Penalties for Use of COVID-19 Vaccine Scheduling Apps
Effective immediately, the enforcement discretion applies to covered entities and their business associates. The discretion also applies to all WBSA vendors providing the tech used by these entities in these efforts, regardless of whether the vendor has “actual or constructive knowledge that it meets the definition of a business associate” under HIPAA.
Hackers Calling Fair Game on Healthcare Institutions
It is imperative for healthcare institutions, from hospitals to large-scale pharmaceutical companies, to secure IT networks and invest in security infrastructure. However, the question some security leaders are grappling with is, what it will take to motivate healthcare leaders to prioritize security, especially if specific organizations have had no problems in the past with cybersecurity breaches? Part of the issue may involve the fact that trust and security are linked, and trust is at stake when nation-state attackers carry out a ransomware attack.
Social engineering gains momentum with cyber criminals
As IT security leaders construct their defenses, it is important to remember that socially engineered attacks seek out information first, making the victim an unwitting helper in furthering the threat actor’s ability to infiltrate the network. This approach allows cyberthreat actors to create compelling lures, which reflect very closely the organization they’re attacking, the people being targeted or even the individuals they are trying to mimic in an impostor-style attack.
First look: Financial Services GOP issue cyber report
The GOP report examines in-depth the proliferation of malicious digital activity since the pandemic started last March, including the still unfolding SolarWinds compromise. The examination also includes documents and information obtained from federal regulators related to their ongoing efforts to digitize their operations as well as unimplemented recommendations from a number of federal agency inspectors general, many of which relate to IT and digital security.
2020: Cybercrime’s Perfect Storm
Global cybersecurity has a comparatively bleak outlook. Cybercriminal gangs continue to operate from within their country’s borders with relative impunity, in many cases in exchange for supporting state operations. The long-standing norm of state responsibility, which requires states to conduct due diligence to ensure that non-state actors aren’t operating from within their borders to harm other states, has not been widely observed, despite hopes that the coronavirus pandemic would strengthen it.
Is the Real Estate Industry a Target for Cyberattacks?
Not all real estate-related organizations are faced with an equal amount of inherent business risk of a cyber breach. That would depend on factors such as the type of business, the jurisdictions in which business is conducted, and the amount and nature of the personal information involved in the business (e.g., payment card data, Social Security numbers, and insurance information).
Biden's $10 Billion Cybersecurity Proposal: Is It Enough?
Hamilton also notes that one area not addressed by the proposal is state and local governments that need help with cybersecurity because they're not equipped to handle issues such as ransomware and other types of attacks. "The area that needs investment right now is local government," Hamilton says. "Cities and counties are more important at the scale of U.S. life than the federal government is, and the services provided are unquestionably critical."
SecDef nominee pledges to evaluate information operations
In defense parlance, the department has begun to adopt a nomenclature for operations in the information environment to encompass the raft of capabilities that occur in the domain, including information operations, intelligence, cyber, electronic warfare, psychological operations, deception and many others.
A Chinese hacking group is stealing airline passenger details
A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. [...] But in a new report published last week by NCC Group and its subsidiary Fox-IT, the two companies said the group's intrusions are broader than initially thought, having also targeted the airline industry.
Cyberattack fears raise the alarm in Eastern European countries
The fragile state of cybersecurity in countries across the region could yet be exploited by hacker groups and malign actors. By targeting multiple state agencies or institutions, such attacks could also have consequences on their economies – for instance, an attack on the banking system could cause a major disruption. And most of these countries do not have the resources like their Western counterparts to invest in strengthening their cyberdefences, despite their desire to do so.
Iran targets Israel with growing number of cyberattacks
According to the source, disguised as a group of independent hackers, some linked to countries like Turkey, Iran has launched dozens of cyberattacks on Israeli sites, including government targets, most of which were neutralized early or failed to cause any real damage. [...] The defense source said, "This is a battlefield in every sense and so when they shoot at you, you shoot back."
NSA Releases Appendix to Rules Governing SIGINT Collection
The document, referred to as the SIGINT Annex, is an appendix to the manual of rules that governs intelligence collection by the Department of Defense. The document discusses the constraints governing SIGINT collection by the NSA that is not covered by the Foreign Intelligence Surveillance Act (FISA). The document can be read here and below.
The Internet Versus Democracy
Even as we extol the virtues of the digital world, to say nothing of the acceleration of digitization during the COVID-19 pandemic, the dark side has become impossible to ignore. The Western model of open-ended connectivity has given rise to platforms for trade in illicit drugs, pornography, and pedophilia. It has also fueled political extremism, social polarization, and now attempted insurrection. The virtues of cyber-libertarianism have become inseparable from its vices.
Critical Cisco SD-WAN Bugs Allow RCE Attacks
One critical-severity flaw (CVE-2021-1299) exists in the web-based management interface of Cisco SD-WAN vManage software. This flaw (which ranks 9.9 out of 10 on the CVSS scale) could allow an authenticated, remote attacker to gain root-level access to an affected system and execute arbitrary commands as the root user on the system.
This Site Published Every Face From Parler's Capitol Riot Videos
The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
