Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 7-9-2020


Researchers at cyber security firm Digital Shadows discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services. The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches. [...] The number of stolen credentials has risen by more than 300 per cent since 2018, due to a surge in data breaches. An estimated 100,000 separate breaches have taken place over the last two years.


Microsoft takes legal action against COVID-19-related cybercrime

Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.


2020 is on Track to Hit a New Data Breach Record

While the number of publicly reported breaches in Q1 2020 decreased by 58% compared to 2019, the coronavirus pandemic gave cybercriminals new ways to thrive. Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions. However, the surprising decline in disclosed breaches is no cause to celebrate. The lack of disclosure can also be attributed to confusion brought on by the pandemic.


As Cyberattacks Soar, US State and Local Government Entities Struggle to Keep Up

The Economic Impact of Cyber Attacks on Municipalities report revealed the massive economic impact broken down into five target areas: the average financial loss from state and local governments, the denial of service to citizens due to financial loss, the frequency/types of attacks and the risk of recurring attacks, the challenge of allocating capital to prevent attacks and the decline of economic investment in municipalities.


Alerts: Flaws in Ultrasound, Open-Source Hospital Systems

The recent Department of Homeland Security advisories include a June 25 alert about authentication vulnerabilities identified and reported to DHS' Cybersecurity and Infrastructure Security Agency by medical device maker Philips in certain versions of the company's ultrasound systems. The other CISA alert issued on July 2 pertains to a variety of vulnerabilities identified and reported by an independent security researcher relating to OpenClinic GA, an integrated hospital information management system developed by an open-source community on SourceForge.


Nearly 600 online retailers hit with credit card-stealing malware — protect yourself now

A new credit-card-stealing group of cybercriminals has made millions of dollars by targeting more than 570 online retail websites, some of them rather well known, over a period of three years. According to security firm Gemini, the "Keeper" Magecart group has made around $7 million by flogging the details of perhaps 700,00 stolen credit cards on the dark web and has been active in 55 countries since April 2017.


Feds unseal 2018 indictment against suspected Kazakh hacker in Seattle

Turchin, 37, is believed to be in Kazakhstan; prosecutors had kept the indictment sealed to avoid tipping him off that he was being sought. But in a motion to unseal the charges, the U.S. Attorney's Office in Seattle wrote that they now believe Turchin knows about the criminal investigation and, given the security firm's public identification of him, there was little reason to keep the indictment sealed.


Deepfakes and Synthetic Media in the Financial System: Assessing Threat Scenarios

Today the financial threat from synthetic media is low, so the key policy question is how much this threat will grow over time. Leading industry experts diverge widely in their assessments. Some believe firms and regulators should act now to head off serious risks. Others believe the threat will likely remain minor and the financial system should focus on more pressing technology challenges. A lack of data has stymied the discussion.


Banks’ cyber risks rise as COVID spurs digital trends: Moody’s

The report added that banks mitigate cyber risk in three ways. The first is strong corporate governance, including cyber-security frameworks, policy enforcement and reporting. The second is risk prevention and response, and recovery readiness. And the third is information-sharing with other banks, and adoption of international standards and regulatory oversight. These measures combined mean banks' cyber-readiness exceeds that of most other sectors, Moody's said.


Cosmic Lynx cyber crime group takes BEC to new heights

At some point, argued Hassold in a disclosure blog, Russian cyber criminals were going to ask themselves why they were spending so much time and money on infrastructure and malware development when they can just send someone an email, ask for money, and get it. This now appears to be happening, he said. [...] This is one of the most prominent cyber threats faced by businesses today, and organisations are thought to have lost more than $26bn in BEC attacks since 2017. Based on recent figures from the FBI, losses grew by 37% in 2019 alone, accounting for 40% of total cyber crime losses.


More Malware Found Preinstalled on Government Smartphones

Another Android smartphone provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile comes with malware preinstalled, Malwarebytes researchers report. This marks the second time this year researchers found malware preinstalled on government-funded phones. [...] Like the UMX U683CL, the ANS UL40 comes with a compromised Settings app and Wireless Update app. Researchers say the two models don't have the same malware variants, though the infections are similar. The ANS UL40 comes with Android/Trojan.Downloader.Wotby.SEK.


Here’s what tactical Army cyber units will use to conduct operations

The Tactical Cyber Equipment-C4ISR/EW Modular Open Suite of Standards (CMOSS) Chassis (TCE-CC) is meant to provide the foundation for an expandable, modular, frequency-agile and soldier-portable capability for conducting spectrum surveys and delivering area-wide and targeted cyber/electromagnetic activities (CEMA) effects at the tactical edge, a spokesman for the Army’s Program Executive Office Intelligence, Electronic Warfare and Sensors, told C4ISRNET.


Judge in trial of alleged LinkedIn hacker admits doubt in evidence

Alsup’s latest complaint came in response to prosecutor Michelle Kane’s suggestion that phone records collected from Nikulin’s time behind bars were evidence of guilt. [...] “If that is evidence of guilt, then God help us in this country,” Alsup said in comments first reported by Courthouse News. “I don’t see a lot of evidence this particular defendant did this,” the judge went on. “Maybe the scales will fall from my eyes when I hear your brilliant summation.”


China Is NATO’s New Problem

While China’s conventional military threat in the Indo-Pacific is far from NATO’s borders, its hybrid activities are happening in the alliance’s own backyard. Cyber-espionage, intellectual property theft, infiltration of critical infrastructure, debt manipulation, and disinformation are prime examples. While these threats may seem to fall outside of NATO’s purview, they pose serious security risks for the alliance. For instance, China’s desire to invest in Lithuania’s Klaipeda Port may not look like a problem for NATO on its surface. But its investments have worrying strings attached that give China operating control over the infrastructure.


Russian BEC gang Cosmic Lynx fakes M&As to steal millions

Cosmic Lynx’s elaborate attack method sees scammers impersonate the target company’s CEO and an external legal counsel over email. This impersonation is possible when companies do not have a DMARC protocol in place to verify the authenticity of an email. Just 15% of Fortune 500 companies have a DMARC policy set at the appropriate level to prevent email spoofing, according to Agari figures. The majority of targeted employees – 75% – held the title of vice president, general manager, or managing director.


Police Are Buying Access to Hacked Website Data

Motherboard obtained webinar slides by a company called SpyCloud presented to prospective customers. In that webinar, the company claimed to "empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice." The slides were shared by a source who was concerned about law enforcement agencies buying access to hacked data. SpyCloud confirmed the slides were authentic to Motherboard.


LAED Act Poses Direct Threat to End-to-End Encryption

Remember the EARN IT Act, which stirred up so much contention back in mid-March? Well, there’s another Act threatening end-to-end encryption too – but it might be little more than a foil for its predecessor. [...] In late June, senators introduced a bill that goes after end-to-end encryption directly. Called the Lawful Access to Encrypted Data Act (LAED), it forbids providers from offering end-to-end encryption in online services and devices unless it can be circumvented by law enforcement. If a provider hasn’t already built such a backdoor, then the Attorney General can force it to do so using an “assistance capability directive.”


New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime

Sophisticated testing is part of what the report calls the "fraud supply chain," as it describes the ecosystem that allows global fraud to be successful. According to the research, the 15 members of the fraud ring dubbed "Bargain Bear" would sell and buy from one another, negotiate prices down to make the exchange seem more legitimate, and even write one another positive reviews.


Help Wanted: Biden campaign hiring cyber professionals

The presidential campaign for former vice president and current Democratic nominee put out a job notice for a senior cyber incident response and threat analyst. According to the notice, the position would work out of the campaign’s Philadelphia headquarters and “collaborate with a team of engineers to identify potential threats and investigate anomalous activity.”

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
