Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-15-2020

Iranian APT group hits schools, universities in global spear phishing attacks

Silent Librarian operates by registering domains whose names resemble those of schools and colleges. A look at some of the sites operated by the group shows that many of them had their login pages cloned from the original university sites to trick users into giving away their login credentials.
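Detection logic for the lookalike-domain pattern described above, as an added example that is not code from the original page or from the report it summarizes. It applies the three checks a phishing-domain monitor typically runs over a feed of newly registered names: homoglyph folding, edit distance against the protected label, and embedding of that label inside a longer name. The watchlist, the candidate domains and the thresholds are all constructed for this example.

```python
"""Flag registered domains that imitate a protected institution's domain.

Added example for this digest, not code from the original page or from the
report it summarizes. Every domain below is constructed; PROTECTED and the
distance threshold are assumptions, not real watchlists or tuned values.
"""
from typing import Dict, List

# Digit-for-letter swaps that survive a casual glance (constructed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(label: str) -> str:
    """Fold look-alike substitutions back to the letters they imitate.

    Multi-character tricks ("rn" for "m", "vv" for "w") are handled with a
    plain replace. This is deliberately lossy: a match is a hint, not proof,
    and legitimate labels containing "rn" are folded too.
    """
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute or swap
    two adjacent characters each cost 1, so 'exampel' is 1 away from 'example'."""
    prev_prev: List[int] = []
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev_prev[j - 2] + 1)
        prev_prev, prev = prev, cur
    return prev[-1]


def registered_label(domain: str) -> str:
    """The label just left of the suffix, assuming a single-label TLD."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(candidate: str, protected: List[str], max_distance: int = 2) -> Dict[str, str]:
    """Return a verdict for one candidate domain against the watchlist."""
    cand = candidate.lower().strip(".")
    for legit in protected:
        legit = legit.lower()
        if cand == legit or cand.endswith("." + legit):
            return {"domain": candidate, "verdict": "legitimate", "target": legit, "reason": "exact or subdomain"}
    cand_label = registered_label(cand)
    folded = normalize(cand_label)
    for legit in protected:
        legit_label = registered_label(legit)
        if folded == legit_label:
            reason = "homoglyph" if cand_label != legit_label else "different TLD"
            return {"domain": candidate, "verdict": "suspicious", "target": legit, "reason": reason}
        if edit_distance(folded, legit_label) <= max_distance:
            return {"domain": candidate, "verdict": "suspicious", "target": legit, "reason": "edit distance"}
        if legit_label in folded.replace("-", ""):
            return {"domain": candidate, "verdict": "suspicious", "target": legit, "reason": "embedded label"}
    return {"domain": candidate, "verdict": "unknown", "target": "", "reason": ""}


# Constructed watchlist and feed; none of these are real registrations.
PROTECTED = ["example.edu"]
NEW_DOMAINS = [
    "sso.example.edu", "exarnple.edu", "examp1e.edu", "example.com",
    "exampel.edu", "example-edu-login.com", "unrelated.org",
]


def scan(domains: List[str] = NEW_DOMAINS, protected: List[str] = PROTECTED) -> List[Dict[str, str]]:
    """Classify every domain in the feed."""
    return [classify(d, protected) for d in domains]


if __name__ == "__main__":
    for verdict in scan():
        print(f"{verdict['domain']:24} {verdict['verdict']:11} {verdict['reason']}")
```

The embedded-label check is what catches the pattern in the article (a school's name wrapped in a longer registered name such as a constructed "example-edu-login.com"); the distance threshold of 2 is an assumption and over-flags short labels, so in practice it should be tuned per watchlist entry.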


US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now

Microsoft states that the CVE-2020-16898 bug, also known as 'Bad Neighbor', is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack that can also be used to trigger a denial of service (DoS) leading to a Blue Screen of Death (BSoD). This bug can be exploited remotely by unauthenticated attackers who send maliciously crafted ICMPv6 Router Advertisement packets to a target Windows computer.
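Detection logic for the malformed Router Advertisement the article describes, as an added example that is not code from the original page, from Microsoft or from Cyber Command. It relies on Microsoft's public description of CVE-2020-16898: a Recursive DNS Server (RDNSS, option type 25) option whose length field is even. The packets are constructed inline and carry no valid ICMPv6 checksum.

```python
"""Flag ICMPv6 Router Advertisements carrying a malformed RDNSS option.

Added example, not code from the original page, Microsoft or Cyber Command.
Per Microsoft's public description of CVE-2020-16898, the Windows TCP/IP
stack mishandles a Router Advertisement whose RDNSS option (type 25,
RFC 8106) has an even length field. A well-formed RDNSS option is 8 header
bytes plus N 16-byte addresses, so its length in 8-octet units is 1 + 2N,
always odd. The packets below are constructed and have a zero checksum.
"""
import struct
from typing import List, Tuple

ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_RDNSS = 25
RA_HEADER_LEN = 16  # type, code, checksum, hop limit, flags, lifetime, reachable, retrans


def parse_ra_options(icmpv6: bytes) -> List[Tuple[int, int, bytes]]:
    """Return (type, length in 8-octet units, raw bytes) for each RA option.

    A truncated final option is returned with whatever bytes remain so the
    caller can report it; a zero-length option stops parsing, since the
    offset would otherwise never advance.
    """
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    options = []
    offset = RA_HEADER_LEN
    while offset + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[offset], icmpv6[offset + 1]
        total = opt_len * 8
        options.append((opt_type, opt_len, icmpv6[offset:offset + total]))
        if opt_len == 0:
            break
        offset += total
    return options


def find_bad_neighbor_indicators(icmpv6: bytes) -> List[str]:
    """Return one finding per malformed option; an empty list means clean."""
    findings = []
    for opt_type, opt_len, raw in parse_ra_options(icmpv6):
        if opt_len == 0:
            findings.append(f"option type {opt_type} has zero length (RFC 4861 violation)")
            continue
        if len(raw) < opt_len * 8:
            findings.append(f"option type {opt_type} truncated: claims {opt_len * 8} bytes, has {len(raw)}")
        if opt_type == OPT_RDNSS and opt_len % 2 == 0:
            findings.append(f"RDNSS option with even length {opt_len} (CVE-2020-16898 pattern)")
    return findings


# --- constructed sample packets ------------------------------------------

def build_ra(options: bytes) -> bytes:
    """RA header: type 134, code 0, checksum 0 (not computed here), hop limit 64,
    flags 0, router lifetime 1800 s, reachable time 0, retrans timer 0."""
    return struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0) + options


def rdnss_option(length_units: int, lifetime: int, addresses: bytes) -> bytes:
    """RDNSS option: type 25, length, reserved(2), lifetime(4), then addresses."""
    return struct.pack("!BBHI", OPT_RDNSS, length_units, 0, lifetime) + addresses


DNS_2001_DB8_53 = bytes.fromhex("20010db8000000000000000000000053")  # 2001:db8::53 (documentation prefix)

# One 16-byte address: 8 + 16 = 24 bytes = 3 units (odd, valid).
BENIGN_RA = build_ra(rdnss_option(3, 3600, DNS_2001_DB8_53))
# Claims 4 units (32 bytes): the trailing 8 bytes are neither a full address nor a valid option.
MALICIOUS_RA = build_ra(rdnss_option(4, 3600, DNS_2001_DB8_53 + b"\x00" * 8))


if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN_RA), ("malicious", MALICIOUS_RA)):
        print(name, find_bad_neighbor_indicators(pkt) or ["clean"])
```

This is the same parity check the published IDS signatures for the bug encode; feed it the ICMPv6 payload (after the IPv6 header) from a capture. Until a host is patched, Microsoft's published workaround is to disable RA-based DNS configuration per interface with `netsh int ipv6 set int <interface index> rabaseddnsconfig=disable`.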


Industry least fretful over work-from-home cyberthreats: Healthcare

Of those healthcare IT people who did feel more vulnerable during the work-from-home trend than before it started, this subgroup collectively named its biggest concerns as:

· 60%—Suffering stronger or more frequent cyberattacks

· 60%—Having network users who may ignore security guidelines

· 40%—Unexpected security gaps caused by widespread working from home

· 20%—Security sacrificed to maximize availability


Healthcare organizations' cybersecurity becoming more fragile amid pandemic: 7 key stats

Seven key findings from the report:

· Thirty-two percent of respondents said their organization experienced a ransomware attack during the pandemic's first few months (before the survey was conducted).

· Thirty-seven percent of respondents said their healthcare organization experienced a phishing incident, and 39 percent said they experienced an IT staff error. Thirty-seven percent reported there was an improper data sharing incident at their organization.


New York calls for cyber security oversight of social media companies after Twitter hack

“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity," said Superintendent of Financial Services Linda Lacewell. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.”


FIN11 uncovered: Hacking group promoted to financial cybercrime elite

The group uses malicious Microsoft Office files to deliver conventional financial lures including ‘sales order’, ‘bank statement’, and ‘invoice’, but more recently it has targeted pharmaceutical firms with lures including ‘research report’ and even ‘laboratory accident’. The documents deliver the FRIENDSPEAK downloader, which in turn deploys the MIXLABEL backdoor.


Security Think Tank: Adapting defences to evolving ransomware and cyber crime

While ransomware attacks such as WannaCry were at first scattergun, aiming to obtain a small ransom from a large number of targets, the criminals' strategy has predictably evolved to target specific organisations and seek much larger individual payouts, sometimes running into millions of pounds. The most frequently targeted sectors are legal, healthcare, government, financial services and industrial control systems.


As the 2020 US presidential election approaches, cybersecurity risks abound

Election-related domains are 56% more likely to be malicious than other new domains

16% of all election-related domains created in September were malicious

24% increase in new registered election-related domains since mid-August


The Cybersecurity 202: A ruling against expanding online voting is a win for cybersecurity advocates [Subscription]

“We know that there are actors looking to use cyber warfare to attack our election,” Lawrence Norden, director of the Election Reform Program at New York University's Brennan Center for Justice, told me. “Opening up another potential target for cyberattacks at this moment, with 21 days left before the election, doesn’t seem like a good idea.”


States Should Use 2020’s Cyber Challenges to Their Advantage

Something of a new concept, whole-of-state asks governments to broaden their scope of concern beyond state agencies. By pursuing initiatives to collaborate with both the private sector and other levels of government, including "local, city and county governments, legislative and judicial branches of government, and public higher education," states can respond to threats against their own agencies — while also offering support to entities, like local governments, that may not have the same level of resources or awareness.


A Trickbot Assault Shows US Military Hackers' Growing Reach

Over the past weeks, Cyber Command has carried out a campaign to disrupt the Trickbot gang's million-plus collection of computers hijacked with malware. It hacked the botnet's command-and-control servers to cut off infected machines from Trickbot's owners, and even injected junk data into the collection of passwords and financial details that the hackers had stolen from victim machines, in an attempt to render the information useless.


Space becoming next ‘front’ of cyber warfare

“Space is becoming congested and contested, and that contested aspect means that we’ve got to focus on cybersecurity in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out.” [...] Attacks such as distributed denial of service (DDoS) could be as devastating to a satellite constellation as a direct kinetic attack, Thompson said: “Loss of control of these constellations really could be catastrophic from a mission perspective or from a satellite tumbling out of lower earth orbit perspective.”


New website predicts likelihood of cyber attacks between nations

"The site attempts to anticipate and predict where the next major cyber conflict could break out based on existing data from past attacks," said Dahbura, executive director of the Johns Hopkins Information Security Institute and co-director of the new Johns Hopkins University Institute for Assured Autonomy. "It's a very good approximation of what's hot and what's not."


3TB of clips from exposed home security cameras posted online

While security cameras play a vital role in remotely monitoring children, the elderly, pets and property, they are also a lucrative target for cybercriminals, especially when a huge number of these devices are known to be vulnerable and exposed to public access. [...] According to authorities, the clips showed victims in compromising positions: undressing, using toilets, couples, mothers breastfeeding, and even children.


Next generation controls for information systems and organizations now includes key focus on privacy

Though not yet finalized, Revision 5 represents a fundamental restructuring of NIST SP 800-53 to make it more inclusive and serve an even broader base of users, from enterprise programs using 800-53 with the Risk Management Framework to a new constituency of IT roles that did not exist prior to the revision. These new areas of focus strengthen security and privacy governance and accountability, support system survivability under attack, and support secure system design.


Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances

The company scanned a total of more than 2,200 virtual appliances from 540 vendors in April and May, and identified over 400,000 vulnerabilities. The virtual appliances were obtained from marketplaces associated with cloud platforms such as AWS, VMware, Google Cloud Platform, and Microsoft Azure, but Orca says these virtual appliances are in many cases the same as the ones provided directly by vendors.


Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

“A remote attacker in short distance knowing the victim’s bd [Bluetooth] address can send a malicious l2cap [Logical Link Control and Adaptation Layer Protocol] packet and cause denial of service or possibly arbitrary code execution with kernel privileges,” according to a Google post on Github. “Malicious Bluetooth chips can trigger the vulnerability as well.”


Intel celebrates security of Ice Lake Xeon processors, so far impervious to any threat due to their unavailability

Intel's Software Guard Extensions (SGX) consist of security-oriented instructions and features, baked into Intel silicon, that allow applications to run code in private memory areas called secure enclaves that cannot, in theory, be accessed by the operating system, the hypervisor or any other software. The idea is that you can run secret, sensitive work in an enclave, such as DRM decryption, without being snooped on.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

