Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-19-2020

[WEBINAR] The State of 2020 Healthcare Breaches and What To Do About It

With recent headlines, security experts are having conversations about how to best manage security with their teams. In this upcoming webinar, healthcare security experts will show you the latest trends in reported healthcare breaches and how these trends could impact your organization. You’ll also learn how to manage risks that impact medical device security. Join Medigate, a leader in IoMT security, and CI Security on Thursday, October 29, 2020 at 10:00 AM PDT | 12:00 PM CDT. Register today to save your spot.


Hackers are using a severe Windows bug to backdoor unpatched servers

When his lure server was unpatched, the attackers were able to use a powershell script to successfully change an admin password and backdoor the server. In an interview, Beaumont said that the attack appeared to be entirely scripted, with all commands being completed within seconds. With that, the attackers installed a backdoor allowing remote administrative access to devices inside his mock network.


New Emotet attacks use fake Windows Update lures

Tricking users to enable editing is just as important to malware operators as the design of their email templates, their malware, or the botnet's backend infrastructure. [...] File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button (don't press it).


Breach at Dickey’s BBQ Smokes 3M Cards

On Monday, the carding bazaar Joker’s Stash debuted “BlazingSun,” a new batch of more than three million stolen card records, advertising “valid rates” of between 90-100 percent. [...] Multiple companies that track the sale in stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months.


Senator Questions US Healthcare Giant Over Cyber-Attack

Following the attack, former technology entrepreneur and vice chairman of the Senate Intelligence Committee, Senator Mark Warner, has written to UHS to express concerns regarding their cybersecurity measures. Warner told the Fortune 500 company that with annual revenue of more than $11bn, it should have a cybersecurity posture "sufficiently mature and robust to prevent major interruptions to health care operations."


New research shows risk in healthcare supply chain

Sub sectors within healthcare reveal different risk trends. The research shows that hospitals have a much larger Internet surface area (hosts, providers, countries), but maintain relatively low rates of security findings. Additionally, nursing and residential care sub-sector has the smallest Internet footprint yet the highest levels of exposure. Outpatient (ambulatory) and social services mostly fall in between hospitals and nursing facilities.


Robinhood Kicks Cybersecurity Month Off by Getting Hacked

Approximately 2,000 Robinhood accounts were accessed by hackers and looted during the week of October 5, according to Bloomberg. Victims told Bloomberg that their trading accounts were hacked in spite of already having set up account protection. A Robinhood spokesperson tells us, "A limited number of customers appear to have had their Robinhood account targeted by cybercriminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood.


Cybercrime Losses Up 50%, Exceeding $1.8B

Not surprisingly, larger organizations were the most common targets — and shelled out the most money —  for cybercriminals. The financial impact differed widely across countries, verticals, and firm sizes. According to Hiscox, the energy, manufacturing, and financial services sectors are especially at risk. This is the result of low maturity in cyber resilience and low tolerance to what is often a high-impact outage.$18b/a/d-id/1339041


New York calls for cyber security oversight of social media companies after Twitter hack

New York’s Department of Financial Services is calling for greater cybersecurity oversight for social media companies in a report detailing a major hack targeting Twitter. The agency slammed the social media giant for letting itself be duped by a “simple” social engineering technique after a Florida teen allegedly orchestrated the July 15 attack which saw accounts, including those of Tesla head Elon Musk and former President Barack Obama, used to steal more than $118,000 worth of cryptocurrency from Twitter users.


British Airways receives $20M fine for cyber-incident

While significant, the financial penalty is around 25 times lower than the “worst-case” scenario. Following a two-year investigation, the ICO found that British Airways was processing “a significant” amount of its customers’ private data without proper security measures. Had the airline identified and resolved weaknesses of its security measures, it could have prevented the 2018 cyber-attack “being carried out in this way,” the commission outlined in a statement on October 16, 2020.


Iran says one of two cyber attack targets was country's ports

The government's Information Technology Organization reported the hacking of two institutions without giving details on the targets or perpetrators. The second target of the attacks on Monday and Tuesday last week is yet to be identified. "Sworn enemies have been trying for some time to carry out cyberattacks," the semi-official Tasnim news agency quoted a statement by the Ports and Maritime Organization as saying.


Former NSA chief says Russia unlikely to target infrastructure to try to change votes

"Do they have capability? Yes. Is it likely? No," Rogers said on "Face the Nation" when asked whether the Russians have the capability to alter votes and possibly change the outcome of the election. "We haven't seen anything to date that would suggest that. We're certainly seeing in cyber the same level of activity that we saw back in 2016. I would say where I think the Russians are doubling down is a little less on cyber activity directed directly against voting infrastructure."


Google offers details on Chinese hacking group that targeted Biden campaign

The tech giant did not specify which organizations or industries were targeted in the activity, or even if it affected political campaigns. Google did say it shares its election-related findings with the FBI and political campaigns to help protect them from the threat. “Overall, we’ve seen increased attention on the threats posed by [advanced persistent threats] in the context of the U.S. election,” wrote Shane Huntley of Google’s Threat Analysis Group, using the industry term for state-linked hackers.


North Korea cyber war: Kim grooming 'promising' young people to target organisations

Their activities have proved beneficial to the North, beefing up state coffers. Kim also came within a whisker of pulling off the biggest bank heist in history four years ago. A typo saw the North's hacker group miss out on stealing $1billion from the New York Federal Reserve - yet they still managed to get away with $81m (£62m). Many have warned that going forward the North should be closely monitored as its capability and technology advance.


‘Weaponized truth’: How the US military plans to compete in the crowded information space

On the modern internet, messages — true or false — can rapidly spread across the globe, and once a narrative is established, countering it can be a challenge. U.S. officials have described how American adversaries are winning the propaganda battle for hearts and minds by making false or misleading claims, such as large-scale civilian casualties during U.S. airstrikes. By the time the U.S. military conducts a full-scale assessment of these incidents, the narrative has taken hold.


Google Has Fended Off 11,000 Government Sponsored Cyber Attacks Per Quarter This Year

As a result of the fact that this is the case, Google has started encouraging users that get these notifications to register in the Advanced Protection Program that the company has started offering. This program is meant for journalists, politicians, activists and other people who are at a higher than average risk of suffering from some form of cyberattack all in all.


Twitter hackers lured employees to give up VPN credentials

The Twitter hackers also appear to have conducted research to identify basic functions and titles of Twitter employees so that they could better impersonate Twitter’s IT department. [...] Armed with these personal details, the hackers convinced several Twitter employees that they were from the social media company’s IT department and stole credentials.


If you want to practice writing exploits and worms, there's a big hijacking hole in SonicWall firewall VPNs

With the vuln being exploitable before authentication, anyone could send malformed requests to a target device – either causing a denial-of-service condition by crashing it, or potentially exploiting it to remotely execute code without local authentication; Tripwire says such an attack is "likely feasible." A worm could be developed that infects a machine via the VPN and then seeks out other vulnerable devices to hijack.


Find a job in cyber? Become a boxer? The odd U.K. government advice for arts workers during the pandemic.

The anger came after a beta version of a quiz developed by the British government to help people prepare for career changes became the subject of gallows humor among arts workers last week. [...] But those who took the quiz were often perturbed by the suggestions. This reporter took the test last week and was advised to consider a new career in boxing or as a soccer referee. On Twitter, other users shared images of recommendations that they become lock keepers or airline pilots.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 

Add this Email to Your Address Book