Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 1-20-2021

[WEBINAR] Phishy Little Liars – Cons that Kill
Tomorrow at 11am PT/2pm ET - There is still time to register and join Social Engineering expert Alethe Denis and CISO Michael Hamilton (1/21/21) to learn how phishing emails are evolving and evading protective controls. Using her expertise on dark web tactics, Alethe will demonstrate in real-time how social engineering has evolved and is now accelerating ransomware attacks, and what InfoSec teams can do about it. Mike and Alethe will cover strategies to help users avoid the clickbait and report suspicious emails instead.
Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response
“Considering the sophistication demonstrated by the threat actors, who left little forensic evidence and took extensive steps to cover their tracks, it is realistically possible that more malware strains may have been used in the attack which have not yet been identified,” Righi said. “Few cyber incidents have gotten this much attention and postmortem analysis. This will likely result in more malware strains being discovered and reported as more of the scope of the attack is revealed.”
Don’t overlook the most consequential control system cyber events of 2020
Two of the most consequential control system cyber attacks in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers and the second event was the Russian SolarWinds cyberattack. They were both supply chain attacks of trusted suppliers that were not detected by IT network monitoring or threat intelligence in a timely fashion. In both cases, there is potential for substantial physical damage. Yet, in both cases, there has been minimal focus on the control systems.
Addressing telehealth's cybersecurity risk will be an industry-wide problem
At the second installment of the American Telemedicine Association's EDGE policy conference on Tuesday, leaders in the healthcare space reiterated the importance of cybersecurity as a patient safety issue. "We've been measuring the risks and the threat for telemedicine-type services for many years," said Christopher Logan, director of healthcare industry strategy at VMWare. Even before the COVID-19 pandemic, "healthcare already had a cyber target on its back," said Logan.
560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020
The education sector saw the greatest number of successful attacks with 1,681 schools, colleges, and universities impacted by the threat. Federal, state, and municipal governments and agencies reported 113 successful attacks. [...] “The impact of the attacks was alarming: ambulances were rerouted, radiation treatments for cancer patients were delayed, medical records were rendered temporarily inaccessible and, in some cases, permanently lost, while hundreds of staff were furloughed as a result of the disruptions,” researchers wrote.
Does Work-From-Home Work for Your Company's Cyber Insurance?
What is different for 2021 and beyond is the impact that work-from-home may have on the attestations many cyber policies require insureds to make about network security issues. These are generally fairly standard, and address issues such as encryption, backups, and access protocols. But they were designed for a world where most network access happened in controlled workplace environments that were easier to protect.
Livecoin slams its doors shut after failing to recover from hack, financial loss
As previously reported by ZDNet, the Russian cryptocurrency exchange claimed it had been hacked roughly around Christmas, with the alleged cyberattackers seizing control of Livecoin systems in order to tamper with exchange rate values. Bitcoin (BTC) exchange rates were changed from $23,000 at the time to over $450,000, and Ethereum grew from $600 to $15,000. Smaller cryptocurrency rates were also impacted. As Livecoin asked users to stop all activity, the threat actors began cashing out, reaping profit in the process.
GDPR Penalties Escalate As EU Officials Crack Down
The biggest fine so far — €50 million — was levied against Google in 2019 by CNIL, the French data protection authority. The watchdog said that the search giant wasn’t transparent about how it collects data and doesn’t have a legal reason for personalizing advertisements. “It is positive to see that the number and size of the fines imposed under the GDPR continue to grow,” Estelle Massé, senior policy analyst at Access Now, told FT.
Questions raised by New Zealand central bank boss, following cyber attack investigation
Although the breach came via a technology supplier’s software – Accellion’s File Transfer Application – the central bank’s governor, Adrian Orr, said the bank had fallen short in protecting stakeholders. “There are serious questions that need to be answered about how this incident occurred and how to strengthen our systems and processes,” he said.
Okanogan Co. government hit with cyber attack, working to restore systems
The Okanogan County government is dealing with a computer cyber attack that has impacted its phone system and emails. The attack is also affecting Okanogan County Public Health, according to the Okanogan County Sheriff’s Office. A specialized team is working with the county to revive the system. In the meantime, offices will be open for limited services and the county will provide daily updates at 5 p.m. through the Okanogan County Alerts.
U.S. National Cybersecurity Plan Promises to Safeguard Maritime Sector
The Maritime Cybersecurity Plan would help the federal government to “buy down the potential catastrophic risks to our national security and economic prosperity” inherent in the maritime sector organizations' dependence on emerging technologies, said O’Brien. To achieve this goal, the Plan defines three objectives:

  • Risks and Standards
  • Information and Intelligence Sharing
  • Create a Maritime Cybersecurity Workforce
Mayorkas calls for review of Einstein, CDM
Mayorkas said he would conduct "a thorough review of Einstein and Continuous Diagnostics and Mitigation [programs] to understand whether Einstein and CDM … are appropriately designed and appropriately and effectively executed" to stop a threat such as SolarWinds. "And if not, what other defenses need we develop in the federal government to best protect our very valuable equities and resources?"
Incoming Biden administration looks to shake up US cybersecurity policy
Over the past four years, the US carried out cyber operations to shut down Russian troll farms and Iranian military targets. “That shouldn’t change under the Biden administration,” Jay Kaplan, CEO of crowdsourced security firm Synack, told The Daily Swig. “The SolarWinds hack is a clear sign that we must be more aggressive when it comes to hitting back against adversaries who attack us in cyberspace.” “We can’t just sit back and accept breaches, hacks, and digital extortion,” he added.
US President Trump orders security assessment for Chinese-made drones
The new executive order, signed on Monday, will require agencies to perform security risk assessments on drones made in any country considered a "foreign adversary," which could include China, Russia, Iran, and North Korea. As noted by the news agency, the executive order also requires risk assessments to include any "potential steps" to mitigate risk, such as, "if warranted," removing them entirely from federal service.
Amazon Sold Location Data from Controversial Broker X-Mode
The news highlights an often overlooked section of the location data industry: reselling by tech giants who may not directly collect the data themselves but do provide large-scale platforms for others to purchase and sell it. In this case, AWS was selling this data via its Marketplace platform, where developers can sell their own data.
DNSpooq lets attackers poison DNS cache records
The vulnerabilities, tracked as DNSpooq, impact Dnsmasq, a DNS forwarding client for *NIX-based operating systems. [...] The DNSpooq vulnerabilities, disclosed today by security experts from JSOF, are dangerous because they can be combined to poison DNS cache entries recorded by Dnsmasq servers. Poisoning DNS cache records is a big problem for network administrators because it allows attackers to redirect users to clones of legitimate websites.
Malwarebytes said it was hacked by the same group who breached SolarWinds
Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn't use any SolarWinds software in its internal network. Instead, the security firm said the hackers breached its internal systems by exploiting an Azure Active Directory weakness and abusing malicious Office 365 applications.
FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion
“Detection of forged SAML tokens actively being used against an organization has proven to be difficult,” the white paper notes. “One possibility is to compare entries in the Azure AD Sign-Ins log against the security event logs of the on-premises AD FS servers to ensure that all authentications originated from AD FS.”
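As an added illustration of the log-comparison approach the white paper describes (this is not code from FireEye, the white paper, or the tool it released), the Python below correlates Azure AD sign-in records against on-premises AD FS token-issuance records and flags federated sign-ins for which AD FS never issued a token shortly beforehand. The log schemas are simplified and the records are constructed; field names such as `federated` and the five-minute matching window are assumptions for the example.

```python
"""Correlate Azure AD Sign-Ins with AD FS token issuance to surface federated
sign-ins that the on-premises federation server has no record of issuing.
Added example with constructed data; schemas are simplified stand-ins for the
real Azure AD Sign-Ins log and the AD FS Security audit log."""
from datetime import datetime, timedelta

# Constructed Azure AD Sign-Ins entries (subset of fields, assumed names).
# 'federated' marks sign-ins that presented a token from the federation server.
AZURE_SIGNINS = [
    {"time": "2021-01-19T14:02:11Z", "user": "alice@example.test", "federated": True,  "app": "Exchange Online"},
    {"time": "2021-01-19T14:05:40Z", "user": "bob@example.test",   "federated": True,  "app": "SharePoint Online"},
    {"time": "2021-01-19T14:09:03Z", "user": "carol@example.test", "federated": False, "app": "Teams"},
    {"time": "2021-01-19T23:47:55Z", "user": "alice@example.test", "federated": True,  "app": "Azure Portal"},
]

# Constructed AD FS token-issuance audit records (simplified to time and user).
ADFS_TOKENS = [
    {"time": "2021-01-19T14:02:09Z", "user": "alice@example.test"},
    {"time": "2021-01-19T14:05:38Z", "user": "bob@example.test"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used by both constructed logs."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_unmatched_federated_signins(signins, adfs_tokens,
                                     window=timedelta(minutes=5),
                                     clock_skew=timedelta(seconds=30)):
    """Return federated Azure AD sign-ins with no AD FS token issued to the
    same user within `window` before the sign-in (allowing `clock_skew` for
    clocks that disagree). Cloud-only sign-ins are skipped because AD FS is
    not expected to be involved in them."""
    issued = {}
    for rec in adfs_tokens:
        issued.setdefault(rec["user"].lower(), []).append(parse_ts(rec["time"]))

    unmatched = []
    for signin in signins:
        if not signin["federated"]:
            continue
        seen_at = parse_ts(signin["time"])
        issuances = issued.get(signin["user"].lower(), [])
        # A legitimate federated sign-in should follow an AD FS issuance closely.
        if not any(-clock_skew <= seen_at - issued_at <= window for issued_at in issuances):
            unmatched.append(signin)
    return unmatched


if __name__ == "__main__":
    for hit in find_unmatched_federated_signins(AZURE_SIGNINS, ADFS_TOKENS):
        print(f"no AD FS issuance found for federated sign-in: "
              f"{hit['user']} -> {hit['app']} at {hit['time']}")
```

On the constructed data the late-night `alice@example.test` sign-in to the Azure Portal has no matching AD FS issuance and is reported; the two daytime sign-ins line up with issuance records two seconds earlier and pass. In a real deployment the join would key on the actual fields of both logs, the window would be tuned to observed issuance-to-sign-in latency, and a single unmatched entry would be a lead to investigate rather than a verdict.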
Trump’s Worst, Most Bizarre Statements About ‘the Cyber’
"I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable. The security aspect of cyber is very, very tough. And maybe it's hardly do-able. But I will say, we are not doing the job we should be doing." In that moment, it became clear to cybersecurity professionals around the world that, should this man obtain the most powerful office in America, the next several years of politics were going to be very painful to listen to.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337
