Copy
Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 1-15-2021

More SolarWinds Attack Details Emerge
Sunspot is a custom program that inserted the so-called Sunburst backdoor into the software build environment of SolarWinds' Orion network management product. [...] Case in point: The source code for Sunburst was embedded in Sunspot, he explains, but the attackers had done something he had never seen before. "We were excited to see source code for Sunburst but realized they had run it through a decompiler and laundered the code" so it was sanitized and left no fingerprints or other clues, he says.
https://www.darkreading.com/threat-intelligence/more-solarwinds-attack-details-emerge/d/d-id/1339885
 
Cloud Attacks Are Bypassing MFA, Feds Warn
“These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services,” the alert outlined. “Despite the use of security tools, affected organizations typically had weak cyber-hygiene practices that allowed threat actors to conduct successful attacks.”
https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/
 
CI Security Adds Chief Revenue Officer & Vice President of Security
Operations to Fuel Growth
“CI Security is quickly becoming the go-to resource for cybersecurity services and solutions in the market. With the addition of Steve Sedlock and the promotion of Kristoffer Turner, we are investing to enhance a world-class executive team,” said Garrett Silver, CEO of CI Security. “I’m proud to be leading a mission-driven team that hunts for threats around-the-clock to catch cyber criminals,” said Turner. “We’re building the best security team amplified by great technology to make sure our customers have the best defense.”
https://ci.security/resources/news/article/ci-security-adds-chief-revenue-officer-vice-president-of-security-operations-to-fuel-growth
 
Pfizer COVID-19 vaccine data leaked by hackers
Pfizer and BioNTech then released a joint statement outlining the nature of the breach: "Today, we were informed by the European Medicines Agency (EMA) that the agency has been subject to a cyber-attack and that some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed.”
https://www.healthcareitnews.com/news/emea/pfizer-covid-19-vaccine-data-leaked-hackers
 
Compliance and Cybersecurity Best Practices Rewarded with HIPAA Safe Harbor
This new safe harbor requires that when calculating fines, evaluating audits or reviewing proposed mitigation steps, the Department of Health & Human Services (HHS) consider whether the covered entity or business associate adequately demonstrated that it had in place “recognized security practices” for at least 12 months prior that would:
(1) Mitigate HIPAA fines.
(2) Result in the early, favorable termination of a HIPAA audit.
(3) Mitigate the remedies in a HIPAA resolution agreement with HHS.
https://www.jdsupra.com/legalnews/compliance-and-cybersecurity-best-2702374/
 
SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
The Russian hackers behind the SolarWinds attack appear to have avoided large scale exploitation of victims, instead opting to maintain access and collect sensitive data, a joint analysis released Tuesday by BitSight and cyber risk modeling vendor Kovrr found. But if the SolarWinds hackers had been focused on interrupting business and destroying networks, the campaign could have been catastrophic for insurers.
https://www.crn.com/news/security/solarwinds-hack-could-cost-cyber-insurance-firms-90-million
 
Scam-as-a-Service operation made more than $6.5 million in 2020
"The ads usually offer cameras, game consoles, laptops, smartphones, and similar items for sale at deliberately low prices," Group-IB said today. Once users are interested and contact the vendor (scammer), the Classiscam operator would request the buyer to provide details to arrange the product's delivery.The scammer would then use a Telegram bot to generate a phishing page that mimicked the original marketplace but was hosted on a look-a-like domain. The scammer would send the link to the buyer, who would fill it with their payment details.
https://www.zdnet.com/article/scam-as-a-service-operation-made-more-than-6-5-million-in-2020/
 
NASCIO pushes feds for more cybersecurity help
With state cybersecurity budgets less than 3% of overall IT budgets despite growing threats, NASCIO also is asking for a dedicated cybersecurity grant program for state and local governments.  Such a program, NASCIO said, would help state CIOs work with local governments to defend against sophisticated, well-funded attackers. Several bills have been proposed, but none have been signed into law.
https://gcn.com/articles/2021/01/14/nascio-advocacy-cyber.aspx
 
The long game: Why the US must rethink its cyber strategy
The United States should pursue a revitalization of its military and diplomatic approaches to cyber-warfare. The U.S. government’s Cyber-Solarium Report asserts that the United States needs to actively “promote good behavior,” foster better cybersecurity in order to defend national networks and deprive enemies of procuring any benefits, and “maintain the capability, capacity, and credibility to retaliate” should a cyberattack happen.
https://thehill.com/opinion/cybersecurity/534257-the-long-game-why-the-us-must-rethink-its-cyber-strategy
 
Biden Adds Homeland Security, Cyber Heft to White House Team
President Trump's national security adviser Robert O'Brien had trimmed the homeland security position from the NSC. But Biden will add it back, putting Elizabeth Sherwood-Randall in the top job, and Russ Travers as her deputy. [...] Biden also added a new position at the NSC focused specifically on cyber and emerging technology, putting Anne Neuberger in that post. She is currently the National Security Agency's director of cybersecurity.
https://www.npr.org/sections/biden-transition-updates/2021/01/13/956419724/biden-adds-homeland-security-cyber-heft-to-white-house-team
 
NZ central bank hack – are state-backed cyber breaches on the rise?
With the heightened state of cybersecurity awareness, a CNBC survey found that at least half (50%) of American tech executives now believe that state attacks pose the biggest threat to their companies, while 32% of those surveyed further said that defining a national cybersecurity protocol should be the top priority for the incoming Biden administration and new Congress.
https://techwireasia.com/2021/01/nz-central-bank-hack-are-state-backed-cyber-breaches-on-the-rise/
 
Italian data authority takes aim at Whatsapp's privacy disclaimer
WhatsApp, Italy’s most popular messaging platform, said on Jan. 4 it reserved the right to share some data, including location and phone numbers, with Facebook and its units such as Instagram and Messenger. The move has sparked protests among users in Italy and elsewhere, and prompted many to opt for rival services such as Signal or Telegram.
https://financialpost.com/pmn/business-pmn/italian-data-authority-takes-aim-at-whatsapps-privacy-disclaimer
 
Are Your Collaboration Communications Safe? the Hidden Risks Within Video and Collaboration Communications and How To Stay Secure
As the day-to-day activities of these businesses move beyond email and traditional voice communications and increasingly into integrated voice, video and chat platforms like Microsoft Teams, Cisco Webex, RingCentral and Zoom, everything that is shared, shown, spoken about on video, over telephone, shared in file upload, or written in a chat window can become subject to regulatory oversight.
https://www.cpomagazine.com/cyber-security/are-your-collaboration-communications-safe-the-hidden-risks-within-video-and-collaboration-communications-and-how-to-stay-secure/
 
How Law Enforcement Gets Around Your Smartphone's Encryption
But once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone. Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now.
https://www.wired.com/story/smartphone-encryption-law-enforcement-tools/
 
Black PR: Cybercriminals Offer Negative Reputation Services to Help Businesses Target Competitors
Claiming to be an “unofficial division” of of or Russia’s largest PR firm, this “Black PR” offering boasts standard ORM elements like SERM (Search Engine Reputation Management), while also “collecting and posting compromising information, anti-crisis PR, and many other services for non-standard request.” Services here are on a project base and cost $3000-$4000.
https://intsights.com/blog/black-pr-cybercriminals-offer-negative-reputation-services-to-help-businesses-target-competitors
 
Ubiquiti Tells Users to Change Passwords After Breach at Cloud Provider
“We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account,” Ubiquiti said in a notification published on Monday. An investigation into the incident hasn’t revealed evidence that the adversary managed to access databases that host user data. However, Ubiquiti says, it’s still possible that user data might have been exposed in the breach.
https://www.securityweek.com/ubiquiti-tells-users-change-passwords-after-breach-cloud-provider
 
Windows 10 bug corrupts your hard drive on seeing this file's icon
An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.
https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/
 
Russia Says Trump Ban a 'Nuclear Blast in Cyber Space'
"The decision of U.S. internet platforms to block the head of state can be compared to a nuclear blast in cyber space," Russian Foreign Ministry spokeswoman Maria Zakharova said on Facebook. "It's not the destruction that's scary but the consequences," she added. "A blow has been dealt against democratic values proclaimed by the West."
https://www.themoscowtimes.com/2021/01/14/russia-says-trump-ban-a-nuclear-blast-in-cyber-space-a72614

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe