Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 10-16-2020

Hackers exploit VPN, Windows flaws to influence US elections

As for the new warning, the attack in question is a vulnerability-chaining one, as the threat actors are targeting multiple vulnerabilities for one single access point. These are centered around CVE-2018-13379, a vulnerability in the Fortinet FortiOS Secure Socket Layer (SSL) VPN, and CVE-2020-15505, a vulnerability in the MobileIron platform, both of which may be used by attackers to gain unauthorized access to servers.


Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

Adding insult to injury, this particular flaw exists in a pre-authentication routine, and within a component (SSL VPN) which is typically exposed to the public internet. “The most notable aspect of this vulnerability is that the VPN portal can be exploited without knowing a username or password,” Young told Threatpost. “It is trivial to force a system to reboot…An attacker can simply send crafted requests to the SonicWALL HTTP(S) service and trigger memory corruption.”


How Cybercriminals Are Exploiting the Pandemic (and How to Stop Them)

“In the beginning, maybe, a lot of the bad actors said that because of COVID-19 they would not attack — that has not been our experience,” said Karl West, CISO and assistant vice president of IT at Salt Lake City-based Intermountain Healthcare, who spoke as part of an online panel hosted this summer by the Healthcare Information and Management Systems Society. Instead, hackers have shifted and refined their tactics to catch busy clinicians off guard and to conduct phishing schemes that play on the public health crisis.


Minimising security risks when handling sensitive patient data with cloud services

If you do not currently work with a SOC, you should consider doing so. Having security logs in place and not monitoring them means you are always reactive to security threats, if you are even aware of them at all. If your size or budget does not warrant a SOC, then ensure you are gathering and keeping the logs at minimum, to allow you to bring in forensic data breach investigators in the event of the worst happening.


We need a new information-sharing paradigm. Here's why

The World Economic Forum has recently published a report that identifies seven major barriers to cyber information sharing that need to be addressed to help build collective security – from addressing an increasingly complex regulatory landscape, to issues over trust and privacy, and organizations having access to the right tools, capabilities and skills.


Weighing Effects of Treasury’s Ransomware Pay Warnings on Cyber Victims and Insurers

The warnings appear to be more a reminder of the rules and penalties already in place to discourage ransomware payments than they are a response to any wrongdoing. However, they have been issued at a time when ransomware is on the rise. According to the Federal Bureau of Investigation, there was a 37 percent increase in ransomware cases and a 147 percent annual increase in associated losses from 2018 to 2019.


Barnes & Noble cyberattack exposed customers' personal information

On Monday, Barnes & Noble sent customers an email to notify them about the cyberattack. The company made clear that customers' financial information had not been exposed. Their transaction history, however, was potentially exposed. The company said "transaction history, meaning purchase information related to the books and other products that you have bought from us" were retained in the systems that were impacted by the cybersecurity attack.


State and local governments under siege from cyber threats

The report also details focus areas for states during the COVID-19 pandemic. While the pandemic has highlighted the resilience of public sector cyber leaders, it has also called attention to long-standing challenges facing state IT and cybersecurity organizations such as securing adequate budgets and talent, and coordinating consistent security implementation across agencies.


Trickbot and its one million zombie computers: US election under threat?

That could mean that "the systems that manage electoral data could be compromised, blocked by ransomware, which could hinder the counting of votes", Nguyen said. An incident of that kind would add grist to the mill of the incumbent. Donald Trump doesn't let an opportunity go by to suggest that the upcoming election might be "the most rigged election in history".


Iran acknowledges cyberattacks on government departments

Iran’s cybersecurity authority acknowledged cyberattacks on two governmental departments this week, state media reported Thursday. The cyberattacks occurred Tuesday and Wednesday and were under investigation, the state-owned IRAN daily newspaper said. While the report did not say which government departments were targeted, it called the attacks “important” and said some other departments temporarily took down their online services as a precaution against further attacks.


The United States Needs a Red Team to Protect the Election

If the power grid in large swaths of the United States goes down on Election Day, people will focus all their attention on trying to figure out what’s wrong and how to get power back; the act of voting will become an afterthought. Russian hackers have been probing energy utilities’ information technology systems, and, according to the cybersecurity firm Claroty, more than 70 percent of the control system vulnerabilities disclosed in the first half of 2020 can be exploited remotely.


Facebook, Twitter aim to slow spread of New York Post article amid disinformation concerns

Facebook said it would reduce the spread of the story until its fact-checkers have had a chance to evaluate the authenticity of the article, spokesman Andy Stone said in a tweet. Twitter, meanwhile, stopped users from sharing links of the article, saying it violated the company’s policy against sharing hacked material.


Lawmakers Demand Investigation into Surveillance of BLM Protests

In the letter, the lawmakers point to how U.S. Customs and Border Protection deployed various aircraft, including a Predator drone, over U.S. cities; and how the FBI flew its own smaller aircraft above Washington D.C. The letter also mentioned that the Drug Enforcement Administration was granted authority to carry out covert surveillance on protesters responding to the murder of George Floyd, as reported by BuzzFeed News.


In Response to the Lawful Access to Encrypted Data Act

If passed, this bill would require technology companies to assist law enforcement with search warrants that seek encrypted data—exposing potential risks and contradicting global data policy regulation trends. Much like the EARN IT Act introduced back in January, I feel that there are concerning undertones of anti-speech and anti-security themes within the Lawful Access to Encrypted Data Act.


Carnival Corp. Ransomware Attack Affects Three Cruise Lines

Carnival Cruise Line, Holland America Line and Seabourn were the brands affected by the attack, which Carnival is still investigating, the company said in an update on the situation this week. Carnival has been working with cybersecurity consultants to recover its files and believes there is a “low likelihood of the data being misused,” the company said.


Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving sensitive information such as details about medical prescriptions and financial loans.


Cybercrime increasingly converging towards ransomware, cartel models

In a new report released today, Mandiant spotlights the evolution of FIN11 – a financially motivated hacking group – from specializing in high-tempo, high-volume malicious email campaigns to a laser-like focus on ransomware and extortion. The shift is “emblematic” of the way established groups have pivoted their operations to the lucrative ransomware industry as companies continue to pay an increasingly high price to have their systems and data unlocked.


NIST Quantum Cryptography Program Nears Completion

It sometimes feels like we've been talking about quantum computing for decades. But last month finally brought an announcement that promises to bring the age of quantum computing an undeniable step nearer to reality: The National Institute of Standards and Technology (NIST) is ready to announce the first post-quantum cryptography standard. Nearly.


UK woman allegedly hacked into ex’s Alexa to scare off new girlfriend

Alexa, how do I go all “Fatal Attraction”? A jilted London woman allegedly hacked into her ex-boyfriend’s Amazon Alexa device and used it to scare off his new girlfriend, a report said. Philippa Copleston-Warren, 45, was accused in a London court of using the virtual assistant to flash the lights inside her former boyfriend’s house on and off and tell his new sweetie to scram after he ended their relationship of two years, The Sun reported.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.
