Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 4-6-2021

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities
Fortinet FortiOS SSL VPNs are used mainly in border firewalls, which cordon off sensitive internal networks from the public Internet. Two of the three already-patched vulnerabilities listed in the advisory—CVE-2018-13379 and CVE-2020-12812—are particularly severe because they make it possible for unauthenticated hackers to steal credentials and connect to VPNs that have yet to be updated.
Network Monitoring: The Forgotten Cybersecurity Tool
For the most part, SIEMs and similar security tools report on anomalies detected by security hardware, such as firewalls and other security appliances. That can unintentionally create blind spots when monitoring networks for security events. [...] Today’s active network monitoring products bring additional capabilities to cybersecurity teams that can keep them one step ahead of an attacker.
Unsecured medical images: The self-destructive threat
One of the most striking security vulnerabilities we have investigated is the use of Digital Imaging and Communications in Medicine (DICOM), a common standard for storing and transmitting medical images between devices. DICOM dates back more than 30 years, so it predates modern cybersecurity protections.
NHS trusts now have twice as many security professionals than in 2018
The percentage of NHS trusts with no qualified IT security professionals in their ranks has also come down from 23% in 2018 to 15%, reflecting the seriousness with which NHS trusts have strived to onboard qualified security professionals in the past 24 months.
More than 1 million affected by data breaches in March
In March, 36 organizations reported to HHS that 1,116,997 individuals were affected by data breaches. Breaches of protected health information affecting more than 500 individuals are required to be listed on HHS' breach portal. Here are the organizations that reported data breaches to HHS during March, ranked by the number of patients affected[.]
Cybersecurity is Top-of-Mind for Audit Committee and CFOs in the New Reality
Boards today are doing more to monitor cyber security effectiveness, having amassed greater IT expertise on board and relevant committees in order to fill knowledge gaps. For audit and compliance committees, internal controls will always have a place within the audit; data governance and compliance with privacy laws and regulations continue to be a priority for compliance committees.
Cyberattack Disrupts Molson Coors Production
As a result, Molson Coors will shift up to 2.0 million hectoliters of production and up to $140 million in revenue from the first quarter of 2021 to the balance of its 2021 fiscal year. Its guidance for the full fiscal year remains unchanged.
Cybersecurity: Industrial needs industrial protection
When they hear cybersecurity, most people will think of data or intellectual property theft. However, those same transparent networks are also used to operate machinery and major industrial facilities. If these signals and indeed all data flowing on industrial networks are compromised it could pose a threat to a facility’s finances, and its safety.
The DOTGOV Act: Local Cybersecurity a National Imperative
With the passage of the Consolidated Appropriations Act of 2021 last December, Congress included the DOTGOV Online Trust in Government Act (DOTGOV Act), which for the first time explicitly authorizes the federal government to run the .gov TLD and provides important requirements to speed the adoption of and migration to .gov throughout all levels of government in the United States.
Cybersecurity State Power Struggles
With no end in sight to the ‘trade wars’ and the tech-driven arms race between global superpowers, the stakes are increasingly high. Russia has already announced testing on an ‘unplugged’ internet – a country-wide alternative to the web – which could effectively give it control over what citizens can access. Also, it’s no secret that Iran and China are already censoring content and blocking access to external information.
New Federal Tools Can Help Private Sector Protect Trade Secrets From Cyberattacks – And May Soon Require Reporting
Another key provision authorizes the Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Agency (CISA) to issue administrative subpoenas to internet service providers that would compel them to provide information necessary to identify and notify an entity at risk of a cyberattack. [...] This would allow the federal government to receive and release information on identified vulnerabilities.
DoD initiates CMMC review — big deal or perfunctory?
Some experts said this is a significant sign that the Biden administration wants to rethink major aspects of CMMC. Others say it’s a perfunctory review and one any new administration would undertake given the importance of the program. They say these reviews likely are happening across DoD.
New reports detail ongoing space threats, and Russia is raising concerns
The reports say that this year, Russia has become a bigger threat to orbiting satellites, with signs of escalation to come. Meanwhile, although China has also increased its space capabilities this year, it has not displayed aggressive anti-satellite behavior like Russia. How the U.S. will respond to the changing international scene is still unclear.
China as a ‘cyber great power’: Beijing’s two voices in telecommunications
The phrase “cyber great power” is a key concept guiding Chinese strategy in telecommunications as well as IT more broadly. [...] But the phrase is rarely found in messaging aimed at external foreign audiences, appearing only once in six years of remarks by Foreign Ministry spokespersons. This suggests that Beijing intentionally dilutes discussions of its ambitions in order not to alarm foreign audiences.
How the Criminal Justice System Deploys Mass Surveillance on Innocent People
Our study found that 92 percent of states release pre-conviction data. These records often include a variety of personal information, including full names, birthdates, home addresses, and physical characteristics, like height, weight, skin tone, and even tattoos. Once released, this data is mined, scraped, and shared with employers, landlords, and neighbors, leaving a digital footprint nearly impossible to wipe clean.
Inside the Ransomware Campaigns Targeting Exchange Servers
Check Point Research reports the industries most targeted in these attacks include government and military, manufacturing, and banking and finance. The most affected country is the United States, which makes up 49% of all exploit attempts, the United Kingdom (5%), the Netherlands (4%), and Germany.
A “txt file” can steal all your secrets
Using RLO technology, the phishing file originally named “ReadMe_txt.lnk.lnk” will be displayed as “ReadMe_knl.txt” on the user’s computer. [...] In this way, the user originally thought to open a txt file, but actually executed the code prepared by the attacker. The system will execute the powershell command according to the content of the “target” customized by the attacker, download the malicious program https[:]//iwillcreatemedia[.]com/build.exe, set it as a hidden attribute, and run it.
Apple Mail Zero-Click Security Vulnerability Allows Email Snooping
[Exploitation] of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim’s Mail configuration, including mail redirects which enables takeover of victim’s other accounts via password resets; and the ability to change the victim’s configuration so that the attack can propagate to correspondents in a worm-like fashion.
How to Check if Your Phone Number Is in the Huge Facebook Data Leak
The website The News Each Day has a simple tool where you can input your phone number and see if it’s in the leak. Gizmodo tested the tool against some data from the actual Facebook leak and found it to be accurate. For example, we tested Mark Zuckerberg’s phone number, which is included in the leak. It worked. (We assume Zuck has changed his phone number by now.)

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
