Copy
Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-16-2021

This Thursday - [Webinar] See How a Ransomware Attack Unfolds - From The Criminal's Point Of View
Join CI's Director of Adversary Replication and Detection, Jeremy Johnson, this upcoming Thursday, 2/18, for a real-time demonstration of a ransomware attack from the point of view of the threat actor. Demonstrating the latest tactics seen in the field right now, Jeremy will be joined by CTO Mike Simon and DEFCON Black Badge and CI Consultant Alethe Denis to explain how InfoSec teams can minimize the risks and prepare to respond.
https://app.livestorm.co/ci-security/how-ransomware-attack-unfolds
 
Washington auditor’s office warned agencies of data-breach risks. Then it got hacked
In revealing the breach, McCarthy repeatedly pointed blame at Accellion, the California tech firm whose aging digital file-sharing service, known as FTA, the auditor’s office had relied on for more than a decade. But McCarthy’s office also is culpable, cybersecurity experts told The Seattle Times. They criticized the auditor’s reliance on two-decade-old technology to store and transmit sensitive data — and some questioned whether the auditor needed to amass so much detailed personal information in the first place.
https://www.seattletimes.com/seattle-news/politics/washington-auditors-office-warned-agencies-of-data-breach-risks-then-it-got-hacked/
 
Water control system cyber incidents are more frequent and impactful than people are aware
There have been suggestions the Oldsmar cyberattack occurred because of the lack of enforceable cyber security regulations in the water industry. [...] The Oldsmar water system cyberattack was not just about inadequate remote access but also about the need to include engineering considerations. It is also important to know what has already happened like the 2007 sodium hydroxide case where more than 100 people were hospitalized.
https://www.controlglobal.com/blogs/unfettered/water-control-system-cyber-incidents-are-more-frequent-and-impactful-than-people-are-aware
 
HIPAA and 2021 Healthcare Data Security Trends
Globally, cyber resilience frameworks will emerge as everyday strategies to address compromised data.  The end goal will be to protect data, reduce or eliminate data breaches, and meet the growing list of regulatory compliance requirements, under HIPAA, GDPR and new regulations like the CCPA in California.
https://www.enterprisetimes.co.uk/2021/02/15/hipaa-and-2021-healthcare-data-security-trends/
 
It will take more than the first cyberattack-related death for healthcare’s security wakeup call
Disruptions to operations create other issues and delays in care can result in patient harm therefore it wouldn’t be a stretch to postulate that security events have had negative patient outcomes. However, despite numerous ransomware reports, no direct link of a security event to a patient death had been observed until September 2020 where the first patient death linked to ransomware-induced by delay of care was reported.
https://www.dotmed.com/news/story/53880
 
13 patient data breach lawsuits in the past year
Along with the uptick in cybersecurity incidents at hospitals and health systems, patients have begun to take action in response to their data potentially being mishandled. Here are 13 patient data breaches in the past year that have resulted in lawsuits filed by patients.
https://www.beckershospitalreview.com/cybersecurity/13-patient-data-breach-lawsuits-in-the-past-year.html
 
10 Reasons Check-the-Box Compliance Puts Your Organization at Risk
Compliance does not necessarily equate to effective cybersecurity, and the process of ensuring compliance may not eliminate key risks. While compliance can help you identify and assess short-term acceptable risk, your organization should have a clear picture of your organizational risk appetite and how that appetite might change over time.
https://securityboulevard.com/2021/02/10-reasons-check-the-box-compliance-puts-your-organization-at-risk/
 
State and local digital infrastructure is rife with vulnerabilities
In 2019, the Senate passed the State and Local Government Cybersecurity Act designed to create grants and other programs to help states and localities fend off ransomware attacks and other threats. In 2020, the House passed its own bill, the State and Local Cybersecurity Improvement Act, also creating a federal grant program to go toward state and local government cybersecurity efforts. [Neither] has yet passed into law, [...] thus leaving states and municipalities without federal funding in the foreseeable future.
https://gcn.com/articles/2021/02/11/state-local-infrastructure-vulnerabilities.aspx
 
Protecting the cybersecurity of America’s networks
The FCC has both the responsibility and the authority to protect the nation’s networks. The opening lines—Page 1, Title I, Section 1—of the Communications Act establishes the FCC, among other reasons, “…for the purpose of the national defense, [and] for the purpose of promoting safety of life and property…” When those lines were written in 1934, no one could imagine the digital networks of today. [...] As a result, the statute gives the FCC responsibility and the broad authority to take action to preserve and promote these national purposes.
https://www.brookings.edu/blog/techtank/2021/02/11/protecting-the-cybersecurity-of-americas-networks/
 
Security Think Tank: Renewed US stability may ease cyber tensions
On the one hand, a more stable influence at the helm in the US potentially facilitates far greater levels of international cooperation and therefore a more integrated approach than has been evident over the past four years; but on the other hand, with a significant volume of internal issues to handle, the new administration may seek to put its own house in order first.
https://www.computerweekly.com/opinion/Security-Think-Tank-Renewed-US-stability-may-ease-cyber-tensions
 
Langevin hopeful new Armed Services panel will shine new spotlight on cybersecurity
Langevin is gearing up to chair the newly established subcommittee on Cyber, Innovative Technologies, and Information Systems, which is set to intensify the focus of the House Armed Services Committee on cybersecurity concerns at the Department of Defense (DOD).
https://thehill.com/policy/cybersecurity/538692-langevin-hopeful-new-armed-services-panel-will-shine-new-spotlight-on
 
French cyber agency reveals suspected Russian hacks
France's national cyber security agency said Monday that it had discovered suspected Russian hacking attacks starting in 2017 that affected several French organisations. "This campaign mostly affected information technology providers, especially web hosting providers," said the French National Agency for the Security of Information Systems (ANSSI).
https://www.arabnews.com/node/1809886/world
 
Zuckerberg responds to Apple’s privacy policies: “We need to inflict pain”
Facebook, whose business model and competitive advantage rely on this kind of tracking, responded by telling investors to expect falling revenues—and by running full-page newspaper ads declaring that the change would hurt small businesses. Further, Facebook has explored filing a lawsuit against Apple, alleging that the smartphone maker's policies are anticompetitive.
https://arstechnica.com/gadgets/2021/02/zuckerberg-responds-to-apples-privacy-policies-we-need-to-inflict-pain/
 
Surveillance Technology and the Rule of Law
We also have to consider the inherent conservatism of the legal system. The Supreme Court eschews addressing new technological considerations with sweeping opinions. [...] It shows the extreme reluctance of the Supreme Court to move concurrently with the pace of technological change. And this disconnect can only lead to infringement of social and individual liberties that many public and private actors are eagerly willing to commit.
https://www.thegreatcoursesdaily.com/surveillance-technology-and-the-rule-of-law/
 
This phishing email promises you a bonus - but actually delivers this Windows trojan malware
The backdoor has been used in attacks targeting industries including healthcare, technology, manufacturing and logistics across North America and Europe. Researchers have linked it to the developers of Trickbot, one of the most common forms of malware for criminal hackers looking to gain entry to networks.
https://www.zdnet.com/article/this-phishing-email-promises-you-a-bonus-but-actually-delivers-this-windows-trojan-malware/
 
Cybercrooks Rake in $304M in Romance Scams
These gambits typically start with a an online connection that turns into daily communications; the scammer hones a relationship with the target from afar before eventually asking for money. A besotted target then sends funds in the form of a gift card (this payment type was up 80 percent in 2020, the FTC found) or a wire transfer.
https://threatpost.com/cybercrooks-304m-romance-scams/163972/
 
Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack
“When we analysed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.” If anyone understands the havoc 1,000 developers can create, it’s Microsoft.
https://www.theregister.com/2021/02/15/solarwinds_microsoft_fireeye_analysis/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe