Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 11-20-2020

Over 80% companies re-structured their cybersecurity infrastructure in 2020
Over 80 percent of enterprises have transformed their approach to cybersecurity. This change has been led by large-scale enterprises. Small and medium-sized enterprises have followed suit by improving the way they approach cybersecurity. Many small businesses are digitally driven. Companies with as few as 10 employees are adjusting their cloud security as more of their employees are working from home.
Microsoft rolls out protection for critical accounts in Office 365
Priority Account Protection enables an organization's security team to provide critical accounts with custom-tailored protection measures to block targeted attacks such as phishing that could lead to severe security breaches due to their access to highly sensitive company data. It allows prioritizing alerts and threat investigations involving an organization's most targeted or visible executive-level users.
Hackers Hit COVID-19 Biotech Firm, Cold Storage Giant with Cyberattacks
Law enforcement has been contacted, and Americold is working with outside cybersecurity leaders and its legal counsel to respond to the incident. The disclosure does not detail the type of threat or exploit leveraged in the attack but the company is continuing to recover from the attack, while ensuring its IT infrastructure and customer data is secured.
7 Best Practices for Third-Party Risk Management in the Pharmaceutical Industry
From a logistics view, a growing number of touchpoints between production and consumers, shipments that require refrigeration, packaging coordination, and shipment delays related to third-parties all may increase risk. This risk is compounded by compliance-related issues. [...] If these companies and their third-parties do not comply, the organization becomes subject to costly fines  – which can range between $10 million and $1 billion depending on various factors.
Threats without borders: Brazilian banking trojans go global
In years past, attacking local financial institutions was easy for Brazil-based cybercrime groups, because the attackers were intimately familiar with the regional banking systems as well as the local, Portuguese language. But as these banks have begun to fight back, the attackers have had to make their living elsewhere, say experts, and they’ve largely chosen the path of least resistance.
Business interruption drives 60% of cyber losses: Allianz
When it comes to value, cyberattacks – including distributed denial of service (DDoS), phishing and malware – accounted for the majority of claims analyzed by AGCS (85%). Malicious internal actions accounted for 9% of losses. “Losses from incidents such as DDoS attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today,” Catharina Richter, global head of Allianz’s Cyber Center of Competence said in the statement.
Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks
Paul Prudhomme, cyber-threat intelligence analyst at IntSights, warned in new Thursday research that automotive cyberattacks are on the rise – whether they’re aimed at intellectual property (IP) theft or bent on delivering ransomware. And, with the ongoing pandemic shaking up both the sales and supply chain across the automotive industry, the risks of cyberthreats are only adding on to an existing pile of problems.
Researchers Warn of Critical Flaw Affecting Industrial Automation Systems
RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/O applications in North America." "Successful exploitation of this vulnerability could cause a denial-of-service condition, and a buffer overflow may allow remote code execution," the US cybersecurity and infrastructure agency (CISA) said in an advisory.
Cybersecurity depends on the user
President of Check Point Software Technologies in Russia and CIS Vasily Diaghilev has singled out 3 key challenges in the new reality. Firstly, the decision-taking time limit has shortened considerably, — the market proved unprepared for this (unlike in the past, when months were given to elaborate decisions on cyber security, now a mere days are given to do so). Secondly, the criminal groups which had to go online as well, were provided with new financing to “work” in the cyber sphere. Thirdly, user vulnerability went up due to a wide variety of hacking methods.
‘Absolute right guy for the job’: New cyber chief takes reins amid the chaos
Wales, CISA’s top career staffer and officially its executive director, became its acting director on Wednesday after Trump fired Krebs for debunking the baseless election-related conspiracy theories that the president and his allies are promoting. At least for now, that debunking continues — the agency “Rumor Control” website that so angered the White House was still operating Wednesday afternoon, although Wales has not continued Krebs’ practice of indirectly trolling the president on Twitter.
CISA joins fight in cyber attacks targeting veterans
So while working for Vietnam Veterans, America, we published this 200 page report. It was covered by your network and virtually every major network out there. And yet, we got crickets from the executive branch all around. The VA said that they were going to respond. It’s been over a year, the VA has had no response. Finally, it was CISA who reached out to Vietnam Veterans Americans and said, hey let’s form a partnership here. We want to help to defend veterans against foreign online interference, and we jumped at the opportunity.
The UK's new offensive cyber unit takes on organised crime and hostile states
[MI6] - which will provide its "expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology". GCHQ said that examples of cyber operations could include interfering with a mobile phone to prevent a terrorist from being able to communicate with their contacts, helping to prevent the internet from being used as a platform for serious crimes, or keeping UK military aircraft safe from targeting by hostile weapons systems.
Hacking attacks on government growing more sophisticated, intelligence agency warns
"We certainly do see state actors, but by far and large it's cybercrime, which I would say is getting more and more sophisticated," Scott Jones, head of the Communications Security Establishment (CSE) Canadian Centre for Cyber Security, told CBC News. The motivations for such attacks vary widely, he said. Some criminals play for small stakes — trying to pick off individual government employees for their SIN numbers and passwords, for example.
Chinese Hackers Exploit Zerologon Flaw for Cyberespionage
"Companies in multiple sectors are targeted in this campaign, including those operating in the pharmaceutical and engineering sectors, as well as managed service providers," the report notes. "The scale and sophistication of this attack campaign indicate that it is the work of a large and well-resourced group, with Symantec discovering enough evidence to attribute it to Cicada."
US Senate approves deepfake bill to defend against manipulated media
The bill, S.2904, directs the US National Science foundation to support research into "manipulated or synthesized content and information authenticity," specifically the content produced by AI systems known as Generative Adversarial Networks(GANs), such as deepfakes. It also requires the National Institute of Standards and Technology (NIST) to develop ways to measure and assess deepfakes and to investigate public-private partnerships focused on detected synthesized or manipulated content.
‘The cameras are always on’: Student surveillance and privacy protection in the age of e-learning
The virtual learning environment has already provided educators a clear glimpse into their students’ home lives in ways like never before. As stories emerge about what it means now that school is in the home — such as a teacher raising funds to ensure their students have fire detectors in their home after hearing beeping through student cameras — it raises questions about the larger implications for K-12 schools and concerns about a normalization of surveillance and a changing idea of privacy.
Streetlight Spy Cameras Have Led to a Massive Privacy Backlash in San Diego
In 2017, the city of San Diego began installing around 3,000 sensors and hidden cameras into streetlights. The so-called "smart streetlights" were originally approved as an initiative to monitor and mitigate traffic, but quietly became a crime-solving tool for local police and faced public outcry from privacy-concerned residents. Now, what began with local opposition to the controversial technology is driving an effort that could give the city one of the strongest sets of local privacy regulations in the country.
Facebook AI catches 95% of hate speech; company still wants mods back in office
Facebook's software systems get ever better at detecting and blocking hate speech on both the Facebook and Instagram platforms, the company boasted today—but the hardest work still has to be done by people, and many of those people warn that the world's biggest social media company is putting them in unsafe working conditions.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 

Add this Email to Your Address Book