Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 1-14-2021

[WEBINAR] Phishy Little Liars – Cons that Kill
Join Social Engineering expert Alethe Denis, and new to CI’s consulting team, with CISO Michael Hamilton next Thursday, Jan.21, to learn how phishing emails are evolving and evading protective controls. Using her expertise on dark web tactics, Alethe will demonstrate in real-time how social engineering has evolved and is now accelerating ransomware attacks, and what InfoSec teams can do about it. Mike and Alethe will cover strategies to help users avoid the clickbait and report suspicious emails instead.
Security Operations Struggle to Defend Value, Keep Workers
Questions regarding the return on investment of security operations and the increasing cost of retaining security analysts are among the most significant challenges uncovered by the study. More than half of respondents — 51% — consider SOCs to be less valuable, despite the number of breaches increasing, according to the Ponemon Institute. [...] More security workers — 75% — find the stress and repetitive work to lead to burnout, up from 70% a year ago. And a stunning 85% of security analysts consider their job working in a SOC as painful or very painful.
Puget Sound Educational Service District reports data breach
In a press release sent out on Tuesday, further investigation found that certain employee emails were hacked between April 5th and August 6th of 2020. It's unclear what specific information was hacked, but PSESD officials said it could potentially be employees and/or students' names, dates of birth, Social Security numbers, financial account information, and high-level medical information.
HIStalk Interviews Drex DeFord, Healthcare Strategist, CI Security
The other challenge I see over and over is that lots of vendors have silver bullet products that they would like to sell to organizations. The organizations get them, install them, and run them, but then quickly start to realize that it’s going to take more than a fractional FTE to actually get value out of that product. After they have accumulated a whole plate full of these products, they realize they have created a situation where they are more exposed.
The challenges of cybersecurity during global mass vaccination programmes
For example, a ‘standard’ opportunistic ransomware attack targeting a hospital or vaccination hub that makes patient administration and EMR systems unavailable would significantly disrupt vaccinations simply because patient details could not be validated. Take this a step further with a slightly more targeted attack, and you could see pharmacy systems and IoMT devices such as medication fridges and dispensing cabinets being compromised.
How to Boost Executive Buy-In for Security Investments
If CISOs want to better set expectations with executives, they need to take a security-economic approach that answers these questions:
What are we focusing protection on — and is this justified?

  • What levels and types of protection can we provide and at what costs?
  • Do we have realistic plans to develop levels of protection?
  • Can we manage and track our development and operations to ensure cost-efficiency?
  • Can our results be independently verified?
FXCM Chats with Clients Compromised in Cyber Attack
FXCM explained that “according to internal tests, so far, and to the best of our knowledge,” there was no danger to customers’ money, bank account details or account login passwords. The broker also confirmed that no accounts were compromised during such a malicious attempt and further stated its trading platforms are operating as usual.
Three-quarters of finance firms report more potentially criminal activity in their networks
“Due to the massive economic, political and social disruption brought about by Covid-19, international crime syndicates, rogue nations, global terrorists and cyber criminals have become increasingly more aggressive.” The report revealed that IT investment is required at finance organisations to help them stay in line with legislation. Non-compliance of anti-money laundering rules can result in huge fines.
Faster and More Comprehensive Breach Notification Requirements Proposed for Banks
The Proposed Rule would fundamentally change a bank's current notification obligations under the Gramm-Leach-Bliley Act (GLBA) and the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice (the Interagency Guidance) and the Interagency Guidelines Establishing Information Security Standards (the Interagency Guidelines) by attaching specific notification timelines, explicitly defining triggering events, and imposing delineated obligations on banking service providers.
Iranian venture firm investing in cyber tech is subject of US sanctions
Treasury’s Office of Foreign Assets Control identified the firm, Barkat Ventures, as an arm of an organization that the supreme leader of Iran controls called EIKO, short for Execution of Imam Khomeini’s Order. The sanctions also targeted a second Komeini-controlled organization, Astan Quds Razavi. [...] Barkat Ventures has a small profile outside Iran. An apparent company website cites its desire to invest in technologies such as the internet of things, electronic health, cryptocurrency and software as a service.
Microsoft President Brad Smith: SolarWinds Attack Violated ‘Norms And Rules’ Of Government Activities
“Governments have spied on each other for centuries. It would be naive to think or even ask them to stop,” Smith said in a pre-recorded keynote address at the digital CES 2021 conference Wednesday. “But we’ve long lived in a world where there were norms and rules that created expectations about what was appropriate and what was not. And what happened with SolarWinds was not.”
The SolarWinds Cyberattack and the Need for Hyper-Vigilance
The question everyone should be asking themselves now is, "OK, what other vendors/suppliers/third parties have we granted access to whose security posture we don't really know?" This kind of supply chain attack is both subtle and deceitful and creates significant trust issues between customers and their vendors. [...] [You] should be reviewing all of your third-party contracts and arrangements to see what security requirements they should be living up to and, if they are deficient, begin renegotiating immediately.
Pentagon’s $2 Billion Cybersecurity Project Slowed by Flaws
The effort to consolidate hundreds of U.S.-based and global systems continues to be fielded to non-classified networks even though test assessments since 2016 have continually shown it’s “unable to help network defenders protect DoD component networks against operationally realistic cyber attacks,” testing chief Robert Behler wrote in his latest criticism of the project known as the Joint Regional Security Stack.
Social media disputes show EU worries over cyber power
Merkel reportedly objected to the decision to ban Trump, saying that lawmakers, not private tech companies, should set the rules governing the freedom of speech. Her stance was echoed by Le Maire, who said that the state, not "the digital oligarchy," is responsible for regulations, calling big tech "one of the threats" to democracy.
After US Capitol assault, a different cybersecurity threat emerges
The kind of information you’d get from a presentation laptop, or House Speaker’s emails, or their aide’s notes would not be “top secret.” It could reveal schedules, inauguration plans, personal information, operational details, contact lists, details from presentations, and more. Like info that could be used for phishing, impersonation, and worse. [...] Yet for attackers that want to terrorize and kill individuals or a group of lawmakers, what’s on that building’s network and its hardware certainly makes it a “high value” target.
'Largest illegal darknet marketplace' DarkMarket taken offline
The detained man, believed to be DarkMarket's operator, is a 34-year-old Australian national. Authorities say drugs, counterfeit money, stolen credit card data, anonymous SIM cards and malware were all traded on the site, which had a half a million users and transacted business in cryptocurrencies equivalent to a value of €140 million ($170 million).
Filing: Amazon warned Parler for months about “more than 100” violent threats
"This case is about Parler's demonstrated unwillingness and inability" to remove actively dangerous content, including posts that incite and plan "the rape, torture, and assassination of named public officials and private citizens... AWS suspended Parler's account as a last resort to prevent further access to such content, including plans for violence to disrupt the impending Presidential transition."
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
“We discovered two exploit servers delivering different exploit chains via watering-hole attacks,” he wrote. “One server targeted Windows users, the other targeted Android.” [...] The team spent months analyzing the attacks, including examining what happened post-exploitation on Android devices. In that case, additional payloads were delivered that collected device fingerprinting information, location data, a list of running processes and a list of installed applications for the phone.
Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulns in Windows Defender
CVE-2021-1647 is a Microsoft Defender remote code execution (RCE) vulnerability. In a blog post, Zero Day Initiative's Dustin Childs speculates that the flaw, which for some may already have been patched automatically, could have played a role in the SolarWinds fiasco.
Pirate Bay Founder Thinks Parler’s Inability to Stay Online Is ‘Embarrassing’
“The Pirate Bay, the most censored website in the world, started by kids, run by people with problems with alcohol, drugs and money, still is up after almost two decades,” Kolmisoppi said. “Parlor and gab etc have all the money around but no skills or mindset. Embarrassing.”

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 

Add this Email to Your Address Book