News Desk

Curated cybersecurity news and updates from CI Security™.

Get your cybersecurity briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of CI Security, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cybersecurity, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Sign up for the Daily Blast and get it delivered early weekday mornings, just in time for your first cup of coffee.

Get curated cybersecurity news delivered to your inbox.




Latest Cybersecurity News Blast

Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast - 2-28-2020

Norton LifeLock Phishing Scam Installs Remote Access Trojan
The infection chain starts with a Microsoft Word document laced with malicious macro code. The threat actor relied on a creative tactic to entice victims into enabling macros, which are disabled by default across the Office suite. [...] If the user provides the correct input, the macro keeps executing and builds a command string that ultimately installs NetSupport Manager, a legitimate remote control software. This is achieved in three steps via the VBA shell function:

  • Launches cmd.exe passing the /c parameter - carries out the command and exits
  • Constructs a batch file named 'alpaca.bat'
  • Executes the newly created batch script
https://www.bleepingcomputer.com/news/security/norton-lifelock-phishing-scam-installs-remote-access-trojan/
 
Vulnerabilities in Power Industry Supply Chain Increase Risk of Successful Cyber Attack on the Grid
On the OT side, for example, equipment that could contain cyber threats are part of transmission and distribution control centers, smart grid devices and smart meters, protective relays, outage and restoration software and more. On the IT side, supply chain items that could contain a cyber threat are vital to corporate operations, including customer service, telephone and electronic communications, security, interface with operations systems and many other general corporate functions.
https://www.realclearenergy.org/articles/2020/02/27/vulnerabilities_in_power_industry_supply_chain_increase_risk_of_successful_cyber_attack_on_the_grid_485429.html
 
The 12 Best Network Detection and Response Solutions for 2020 - including CI Security
Choosing the right vendor and tool can be a complicated process — one that requires in-depth research and often comes down to more than just the tool and its technical capabilities. To make your search a little easier, we’ve profiled the best network detection and response solution providers all in one place. We’ve also included platform and product line names and introductory software tutorials straight from the source so you can see each solution in action.
https://solutionsreview.com/network-monitoring/the-12-best-network-detection-and-response-solutions-for-2020/
 
Vendor Management Needed in Light of NRC Health Ransomware Attack
“But generally, it’s ultimately the responsibility of the vendor that controls the data, the data controller if you will, to assess whether the data has been compromised and to make notifications as required under state and federal laws,” Holtzman said. “It’s left to each organization to deal with this issue through their contact with their vendor,” he continued. “Not through the business associate agreement (BAA) because it’s generally not the place to get priorities or specific provisions as to how a vendor is to perform.”
https://healthitsecurity.com/news/after-nrc-health-ransomware-attack-prioritize-vendor-management
 
The .com World: 8 Ways to Keep Digital Patient Data Safe
Despite the growing popularity of patient portals, there are still more than 25% of patients who refuse to use them because of privacy and security concerns, according to a 2018 National Coordinator for Health Information Technology (ONC) study. Considering the sensitive nature of their protected health information (PHI), along with the nearly 5.6 million health records that were compromised last year, those fears are understandable.
https://www.cpomagazine.com/cyber-security/the-com-world-8-ways-to-keep-digital-patient-data-safe/
 
20 Ransomware Statistics You’re Powerless to Resist Reading
1. Ransomware Costs Forecast to Reach $20 Billion by 2021
2. Cost of Ransomware Attacks Surpasses $7.5 Billion in 2019
3. The Average Ransom Payment Amount Increased by 104% in Q4 2019
4. Downtime Costs Are Up 200% Year-Over-Year
5. A Ransomware Attack Costs Oil and Gas Company $30 Million
[...]
https://www.thesslstore.com/blog/ransomware-statistics/
 
Cyberattack on servers was ransomware, says council
An English local authority has confirmed that ransomware is the form of cyberattack behind ongoing IT disruption that started almost three weeks ago, with the council's online services still being disrupted by the incident today. It's the first time that Redcar and Cleveland Borough Council (RCBC) has confirmed network-encrypting malware to be the reason for services having been disrupted from February 8.
https://www.zdnet.com/article/cyberattack-on-servers-was-ransomware-says-council/
 
#RSAC: Latin America's Financial Crime World Sees Huge Expansion
As the attackers were deliberately changing their tactics and infrastructure but tended to use the same profiles, the IntSights research team were able to detect locations. This included one attacker who was based in Colombia, who was originally from Venezuela and had escaped from poverty and government censorship to pursue cybercrime as a career. As well as dealing with economic struggles, political corruption, internet censorship, and the rise of organized crime, cybercrime has emerged in Latin America as attackers are specifically focused on financial gain.
https://www.infosecurity-magazine.com/news/rsac-latin-america-crime/
 
Europe’s Financial Forces Launch Cybersecurity Sharing Initiative
A cross-section of European financial powerhouses – including members of the Euro Cyber Resilience Board for pan-European Financial Infrastructures (ECRB), chaired by the European Central Bank (ECB) – have joined forces to launch a sharing initiative for cybersecurity threat information, ECRB announced on Thursday (Feb. 27). The Cyber Information and Intelligence Sharing Initiative (CIISI-EU) aims to safeguard the financial system by averting and detecting cyberattacks, facilitating data sharing and good practices, and increasing overall awareness of cybersecurity threats.
https://www.pymnts.com/news/security-and-risk/2020/europe-financial-forces-cybersecurity-sharing-initiative/
 
Report Provides Guidance on How Companies Should Address Cyber Risks
While having no legal force and effect, all public companies, even non-SEC registrants, would be wise to consider making the observed practices part of their own cybersecurity risk management strategy as the report may be relied upon in enforcement proceedings or by plaintiff’s counsel in private securities litigation. The report should not be viewed in a vacuum either. It is recent commentary but not the only guidance issued from the SEC regarding cybersecurity related industry practices.
https://www.law.com/thelegalintelligencer/2020/02/27/report-provides-guidance-on-how-companies-should-address-cyber-risks/
 
More Legislation May Be Coming to Bolster the Federal Cyber Workforce
“We’re hiring, come work for us!” he said. But it can take more than a year to make it through queues for security clearances, and that’s just one factor that can dampen enthusiasm for filling out an application to work for CISA, or elsewhere in the government. On Wednesday, key congressional staff speaking at the conference said lawmakers are thinking of ways legislation might help. [...] “So we’re going to be looking to enact some legislation in that space.”
https://www.nextgov.com/cio-briefing/2020/02/more-legislation-may-be-coming-bolster-federal-cyber-workforce/163371/
 
UK to launch specialist cyber force able to target terror groups
The National Cyber Force – containing an estimated 500 specialists – has been in the works for two years but sources said that after months of wrangling over the details, the specialist unit was close to being formally announced. Britain is keen to be seen as a “cyber power” able to disrupt against enemy states, targeting satellite, mobile and computer networks as well as trying to take down communications networks used by terror groups.
https://www.theguardian.com/technology/2020/feb/27/uk-to-launch-specialist-cyber-force-able-to-target-terror-groups
 
Cyber-wrath of Iran for top general's assassination hasn't progressed beyond snooping and nicking logins... yet
Instead, said Secureworks, they just kept on going with their existing campaigns of spying and hoovering up login credentials through spearphishing attacks and the like. [...] They added: "From a threat management and risk assessment perspective, we advise organisations not to conflate ongoing espionage operations with a retaliatory response. However, continually leveraging threat intelligence to assess and improve controls will help network defenders secure their environments against malicious activity regardless of intent."
https://www.theregister.co.uk/2020/02/27/iran_revenge_cyberattacks_hacking_crew/
 
Amazon Transcribe can now automatically redact personally identifiable data
Amazon Transcribe will now enable companies to automatically redact personal data, including credit/debit card numbers, expiration dates, CVV codes, PINs, social security numbers, bank account numbers, customer names, email addresses, phone numbers, and postal addresses. It’s worth noting that Google Cloud Platform offers a data loss prevention API that could be used in conjunction with its speech-to-text service to identify and redact sensitive data.
https://venturebeat.com/2020/02/27/amazon-transcribe-can-now-automatically-redact-personally-identifiable-data/
 
Clearview AI, the controversial facial-recognition company partnering with police, says its entire customer list was stolen in a breach
The company has drawn backlash from privacy advocates and major social-media platforms over its facial-recognition tool, which lets police use a photo of a person to search a database of images from social media and identify people based on their faces. The breach is notable because Clearview markets its services to law-enforcement agencies and has previously avoided disclosing who its clients are.
https://www.businessinsider.com/clearview-ai-list-customers-stolen-breach-2020-2
 
Clearview’s Facial Recognition App Has Been Used By The Justice Department, ICE, Macy’s, Walmart, And The NBA
The startup, Clearview AI, is facing legal threats from Facebook, Google, and Twitter, as well as calls for regulation and scrutiny in the US. But new documents reviewed by BuzzFeed News reveal that it has already shared or sold its technology to thousands of organizations around the world.
https://www.buzzfeednews.com/article/ryanmac/clearview-ai-fbi-ice-global-law-enforcement
 
How secure are Pennsylvania elections after the 2016 hack attempt? Are local voting machines vulnerable?
Individual voting machines aren’t really ideal targets for hackers. Since Pennsylvania voting machines cannot have internet access, hackers would have to directly hardwire dozens of machines without being noticed to swing a countywide election. Larger elections would probably require hardwiring hundreds of machines across the state without anyone catching on. In 2016, the Russian hackers went after voter registration databases, which would allow hackers to create widespread havoc if breached.
https://www.mcall.com/news/elections/mc-nws-your-call-pennsylvania-election-day-cyber-security-20200226-mu7tueu3nrdxnhmqictocym26u-story.html
 
Intel promises Full Memory Encryption in upcoming CPUs
Intel SGX—announced in 2014, and launched with the Skylake microarchitecture in 2015—is one of the first hardware encryption technologies designed to protect areas of memory from unauthorized users, up to and including the system administrators themselves. SGX is a set of x86_64 CPU instructions which allows a process to create an "enclave" within memory which is hardware encrypted.
https://arstechnica.com/gadgets/2020/02/intel-promises-full-memory-encryption-in-upcoming-cpus/
 
Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves
It's basically a way to get up to mischief with Google Assistant or Apple's Siri on a nearby phone without the owner realizing it's you causing the shenanigans nor why it's happening – if, of course, they hear it wake up and start doing stuff. It's a neat trick that could be used to ruin someone's afternoon or snoop on them, or not work at all. There are caveats. It's just cool, OK.
https://www.theregister.co.uk/2020/02/28/smartphone_ultrasonic_hack/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe

Real people hunt for threats, investigate events, and respond with incident action plans.

Contact us Request a demo