IT Security News Blast – 7-30-2021
Security Awareness Training - today 12PM PST8PDT
Join us for our bi-weekly security awareness presentation. Peppered with materials collected over many years, I'll present examples of all kinds of bait, explain how "they" get into your networks, and leave you with some good advice. Meets regulatory requirements for annual training, and we promise it won't be boring.
$1B for state and local cyber grants in Senate infrastructure deal
While the funds would be administered by the Federal Emergency Management Agency — which runs DHS’s existing grant programs — the Cybersecurity and Infrastructure Security Agency would serve as a subject matter expert for awarding this new money.
What are the most concerning trends in health IT? 10 execs weigh in
The pandemic accelerated many trends in healthcare, including telehealth, artificial intelligence and the use of the cloud. However, the race to digitize hospital operations so quickly has exposed some areas of weakness. Here is what nine hospital executives said the most concerning trends in health IT are[.]
Ransomware attacks cost healthcare orgs $20.8B in 2020
"Ransomware pay-outs and efforts to protect or 'harden' healthcare systems and cyber defenses are affecting hospital financial flexibility by increasing on-going operating expenses," Fitch Ratings said July 22. "Attacks may also hinder revenue generation and the ability to recover costs in a timely manner, particularly if they affect a hospital's ability to bill patients when financial records are compromised or systems become locked."
Bringing the CISO and the Board Closer Together
We discussed the heightened expectations from the board, risk management and regulatory community, as well as what CISOs should be doing to prepare for the future. We ended the show with Chris reminding everyone to continue to focus on the basic cyber hygiene while we are building this next generation of cyber security communications and reporting.
South Africa’s Transnet restores operations at ports after cyber attack
The department said late on Wednesday that the main system responsible for container operations had been restored and that the force majeure was under review with the intention to lift it in the coming days.
DoD releases official policy on use of additive manufacturing
The DoD intends to ensure that cyber-physical infrastructure and processes are secure and capable of supporting the use of AM across the life cycle of weapons systems, with the goal of developing and adopting new AM technologies where beneficial to weapon system operational capability or sustainment.
New Cyber Research: Government Leaders See Path to Zero Vulnerability
One key finding of the survey: ninety-one percent of cyber leaders say they want to see their organization shift from an “assume breach” mindset to a breach prevention focus in the next three years. The research further explores if cyber leaders think we can achieve “zero vulnerability” – and the good news is most believe that is achievable.
The Cybersecurity 202: Combating ransomware’s a top priority for the Senate Homeland Security Committee
Leaders of the Senate Homeland Security Committee are poised to introduce legislation aimed at combatting damaging ransomware attacks and launching a probe to thwart criminal hackers who use cryptocurrency to demand and receive multimillion-dollar ransoms.
For hackers, space is the final frontier
“We should be worried about that if we’re worried about people hacking into our navigation systems. We should be worried about that if we care about our electric grid staying online,” Gregory Falco, a civil engineering professor at Johns Hopkins University, told Recode. “These space systems enable all of this other critical infrastructure that we have, and we don’t even realize it.”
China ‘propped the doors open’ for criminals in Microsoft hack, Australian spy agency boss says
“What then happened was that there was opportunity for all sorts of criminals [and] other state actors – you name it – to pour in behind all those propped-open doors and get into your house or your building. “It’s that action, from a technical point of view, which crossed a line in the judgment of policy agencies in governments around the world.”
Why CISA’s China Cyberattack Playbook Is Worthy of Your Attention
That’s because A) Companies that could potentially be impacted here go far beyond just those of direct strategic interest to China; B) The report includes a list of specific indicators of intrusion by this particular set of attackers — which would help inform a response plan; and C) It includes both a set of recommended mitigation measures and contact information for the FBI and CISA offices working to address this threat who could be of assistance.
Hackers used never-before-seen wiper in recent attack on Iranian train system
"Despite a lack of specific indicators of compromise, we were able to recover most of the attack components described in the post along with additional components they had missed. Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker."
The Life Cycle of a Breached Database
“You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar, chief technology officer at security firm Emsisoft.
Should ransomware payments be banned?
[Arriving] at sensible public policy outcomes requires examining the incentives and obstacles to making such a ban effective. If the G7’s tough words on tackling the money in ransomware are to mean anything, it’s the sort of issue those countries could look at together, aiming for the sort of financial squeeze on cyber criminals that terrorist groups faced after 9/11. So, what are those incentives and obstacles?
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
The malware-laced document claims to be a "Manifesto of the inhabitants of Crimea" calling on the citizens to oppose Russian President Vladimir Putin and "create a unified platform called 'People's Resistance.'"
From Stolen Laptop to Inside the Company Network
What can you do with a stolen laptop? Can you get access to our internal network? That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.