Copy
Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 6-4-2021

Exchange Servers Targeted by ‘Epsilon Red’ Malware
While the malware itself is a “bare-bones” 64-bit Windows executable programmed in the Go programming language, its delivery system is a bit more sophisticated, relying on a series of PowerShell scripts that “prepared the attacked machines for the final ransomware payload and ultimately delivered and initiated it,” he wrote.
https://threatpost.com/exchange-servers-epsilon-red-ransomware/166640/
 
Hackers have a devastating new target
Ransomware is not new. But there is a growing trend of hackers targeting critical infrastructure and physical business operations, which makes the attacks more lucrative for bad actors and more devastating for victims. And with the rise of remote work during the pandemic, significant vulnerabilities have been revealed that only make it easier to carry out such attacks.
https://www.cnn.com/2021/06/03/tech/ransomware-cyberattack-jbs-colonial-pipeline/index.html
 
Experts: Scripps cyberattack could have long lasting consequences
Mike Hamilton with CI Security said on Wednesday that there are a few big questions. He asked, "Is there actual harm to the people whose records were disclosed or were they just used as leverage to get the ransom paid? Then, what's going to happen in terms of the inquiries into the executive behavior? In terms of resourcing security prior to this event?"
https://www.10news.com/news/local-news/experts-scripps-cyberattack-could-have-long-lasting-consequences
 
Cybercriminals Ramp Up Attacks on Healthcare, Again
The HSE attack used Conti ransomware and is believed to have been orchestrated by Wizard Spider, a St. Petersburg, Russia based cybercrime gang that is part of the world’s first “cyber-cartel.” The cyber-cartel includes four additional Russia-based cybercrime gangs, and it is a dominant player in global ransomware attacks.
https://securityboulevard.com/2021/06/cybercriminals-ramp-up-attacks-on-healthcare-again/
 
Then and Now: Securing Privileged Access Within Healthcare Orgs
Over the last three decades, most healthcare organizations have carried out digital-transformation initiatives, moving patient records and data to networks and cloud environments. Let us take a look back to see how the storage, security and access to patient records has evolved into what it is today.
https://threatpost.com/securing-privileged-access-healthcare/166477/
 
Cyber insurers recoil as ransomware attacks ‘skyrocket’
For US insurer AIG, the tougher underwriting approach put in place this year starts with an additional 25 detailed questions on clients’ security measures. “If [clients] have very, very low controls, then we may not write coverage at all,” Tracie Grella, AIG’s global head of cyber insurance, told the Financial Times.
https://www.ft.com/content/4f91c4e7-973b-4c1a-91c2-7742c3aa9922
 
North Korean Cyberattacks Pose Threat to U.S.
The number of North Korean cyberattacks on financial institutions is alarming, with dozens of those attacks targeting vulnerable financial institutions and cryptocurrency exchanges in at least 17 countries. [...] From cyberattacks on banks and other financial institutions, Pyongyang has garnered at least $2 billion.
https://www.heritage.org/cybersecurity/commentary/north-korean-cyberattacks-pose-threat-us
 
Hackers targeting financial services sector as more consumers bank online, data show
The percent of suspected digital fraud attempts across U.S. industries rose 25% during the first four months of 2021 when compared to the last four months of 2020, according to research from credit company TransUnion. In the U.S., attempts against the financial service sector jumped 109%.
https://www.foxbusiness.com/personal-finance/hackers-financial-services-sector-more-consumers-bank-online-data-shows
 
Biden puts anti-corruption at center of foreign policy, with focus on crypto and cybersecurity
The official said major parts of the directive will be focused on financial crimes, including steps to modernize existing anti-corruption laws to confront cryptocurrencies and cybercrime. “We are looking at crypto as a means of illicit finance,” the official said, “but by no means are these new steps limited to new technologies like crypto.”
https://www.cnbc.com/2021/06/03/biden-puts-anti-corruption-effort-at-center-of-foreign-policy-with-crypto-cyber-focus.html
 
White House sends out memo to private sector on cyberattack protections
Among the steps Neuberger said companies should take are implementing multifactor authentication, bolstering security teams, regularly testing backups and updating patches, testing incident response plans and separating and limiting internet access to operational networks.
https://thehill.com/policy/cybersecurity/556625-white-house-sends-out-recommendations-to-private-sector-on-protections
 
'They are hair on fire': Biden administration mulls cyberattacks against Russian hackers
Although using the military to take action against criminals wouldn't be without precedent, it's controversial in legal circles, and any American cyber action against targets in Russia would risk retaliation. But officials say criminal ransomware attacks from abroad, once a nuisance, have become a major source of economic damage, as the disruption of gasoline and meat supplies in recent weeks has illustrated.
https://www.nbcnews.com/politics/national-security/they-are-hair-fire-biden-admin-mulling-cyber-attacks-against-n1269575
 
Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia
The use of weaponized copies of legitimate-looking official documents also suggests that "the attackers first had to attack another department within the targeted state, stealing and weaponizing documents for use against the Ministry of Foreign Affairs," said Lotem Finkelsteen, head of threat intelligence at Check Point.
https://thehackernews.com/2021/06/experts-uncover-yet-another-chinese.html
 
Japanese Government Agencies Suffered Cyber Attack Exposing Proprietary Data
They exfiltrated flight schedules, air traffic control data, and business operations data from the Narita Airport. Similarly, study materials from Japan’s Ministry of Foreign Affairs were exposed. Japan’s Cabinet Secretariat’s national cybersecurity center advised government agencies and critical infrastructure organizations relying on Fujitsu’s information-sharing tool to check for indicators of compromise.
https://www.cpomagazine.com/cyber-security/japanese-government-agencies-suffered-cyber-attack-exposing-proprietary-data/
 
Supreme Court Limits Reach of Federal Law on Computer Crime
The Supreme Court on Thursday narrowed the scope of a federal law that makes it a crime to gain access to computer files without authorization. By a 6-to-3 vote, the court sided with a former police officer in Georgia who used his position to search digital license-plate records for an illicit purpose. [...] “This provision covers those who obtain information from particular areas in the computer — such as files, folders or databases — to which their computer access does not extend,” she wrote. “It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.”
https://www.nytimes.com/2021/06/03/us/supreme-court-computer-crime.html
 
Google PPC Ads Used to Deliver Infostealers
On Wednesday, breach prevention firm Morphisec posted an advisory in which it said that over the past month, it’s investigated the origins of paid ads that appear on the first page of search results and that lead to downloads of malicious AnyDesk, Dropbox and Telegram packages wrapped as ISO images.
https://threatpost.com/google-ppc-ads-used-to-deliver-infostealers/166644/
 
Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
The findings follow an earlier analysis in February that found similar weaknesses in the Realtek RTL8195A Wi-Fi module, chief among them being a buffer overflow vulnerability (CVE-2020-9395) that permits an attacker in the proximity of an RTL8195 module to completely take over the module without having to know the Wi-Fi network password.
https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html
 
Huawei officially replaces Android with HarmonyOS, which is also Android
The second version of Harmony OS is for phones and tablets and is a fork of Android and uses the Linux kernel (Huawei is very reluctant to admit this). Having what seems like two totally different operating systems share the same brand name leads to a lot of confusion, and you can make a lot of claims about the IoT version of HarmonyOS that don't apply to the phone version.
https://arstechnica.com/gadgets/2021/06/huaweis-harmonyos-will-rollout-to-100-android-models-over-the-next-year/
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of Critical Insight Inc, DBA CI Security.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2021 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


We host NEVER BORING free security awareness training 
 every other Friday.
Register and/or send your colleagues and friends. Let's educate users together! 

Add this Email to Your Address Book





unsubscribe