News Desk

Curated cyber security news and updates from Critical Insight™.

Get your cyber security briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of Critical Insight, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cyber security, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Sign up for the Daily Blast and get it delivered early weekday mornings, just in time for your first cup of coffee.

Get curated cyber security news delivered to your inbox.




Latest Cyber Security News Blast

Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 11-25-2020

Ransomware Grows Easier to Spread, Harder to Block
"I think we're seeing them look at all the options they have, see phishing as high effort, high cost, and see mass exploitation as low effort, high payoff," he adds. In 2019 and 2020, many security researchers explored vulnerabilities in edge devices, Clarke continues. Their efforts led to the discovery of high-impact bugs that could enable access for unauthenticated attackers.
https://www.darkreading.com/threat-intelligence/ransomware-grows-easier-to-spread-harder-to-block/d/d-id/1339522
 
Blackbaud Faces Another Lawsuit, as More Healthcare Victims Reported
The lawsuit alleges that the breach was caused by the vendor’s failure to implement adequate and reasonable cybersecurity measures and protocols necessary for protecting individuals’ PII stored in its cloud. Further, Blackbaud “disregarded the rights of [individuals] by, inter alia, intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure their data and cyber security systems were protected against unauthorized intrusions,” the suit alleges.
https://healthitsecurity.com/news/blackbaud-faces-another-lawsuit-as-more-healthcare-victims-reported
 
Cyber-attacks Reported on Three US Healthcare Providers
Warnings went out to patients of Advanced Urgent Care of the Florida Keys on November 6 regarding a ransomware attack that took place on March 1, 2020. [...] In Katonah, New York, a September 1 ransomware attack on Four Winds Hospital locked staff out of computer systems for a fortnight. [...] Unusually, a ransom was demanded of Galstan & Ward Family and Cosmetic Dentistry in Suwanee, Georgia, over the phone by a caller who said that the practice's server had been infected with a computer virus.
https://www.infosecurity-magazine.com/news/cyberattacks-on-three-us/
 
Final HHS Rules Provide Safe Harbor for Cybersecurity Tech Donations
“The cybersecurity exception is broader and includes fewer requirements than the EHR exception as applied to cybersecurity software and services that are necessary and used predominantly to protect electronic health records,” according to the rule. “Among other things, the cybersecurity exception does not require recipients to contribute to the cost of the donated cybersecurity technology or services, while the EHR exception retains the cost contribution requirement for donations of EHR items or services,” it added.
https://healthitsecurity.com/news/final-hhs-rules-provide-safe-harbor-for-cybersecurity-tech-donations
 
Banks see billion-dollar cyber costs soaring even higher in 2021
Big banks and other financial firms predict the cost of warding off cyber criminals will keep climbing in 2021 as they work to secure digital financial services popularized by the pandemic. Cybersecurity topped the list of expected budget increases in a survey of technology spending conducted by Deloitte & Touche LLP, with 64% of executives at financial firms around the globe forecasting a rise.
https://www.crainsnewyork.com/technology/banks-see-billion-dollar-cyber-costs-soaring-even-higher-2021
 
Cyber Threats Could Risk Your Data, Fund managers. Be prepared
Financial institutions have always been one of the top targets for hackers. Unlike large corporations, venture capital (VC) and private equity (PE) firms have small teams, mostly consisting of investment and operations teams, with no dedicated resources for tech or cybersecurity, making the firm vulnerable to threats. Now maybe the right time to evaluate your policies and implement new measures.
https://www.inventiva.co.in/stories/cyber-threats-could-risk-your-data-fund-managers-be-prepared/
 
The Widening Security Holes in Our ‘Datasphere’
Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.
https://thecrimereport.org/2020/11/24/1141333/
 
5 Cyber Lessons Learned From the U.S. Election
As we saw during the election, censoring and labeling dis/misinformation did nothing to stop the spread of it. In fact, in general, redacted information piques human curiosity. Naturally, humans are going to reveal the unknown and emotionally reposed to, and spread, said content. Misinformation at the end of the day is like a Chinese finger trap. The more attention you give it and the more you pull on it, the tighter the situation gets. By giving attention to dis/misinformation, we inherently helped spread it.
https://blog.radware.com/security/2020/11/5-cyber-lessons-learned-from-the-u-s-election/
 
Working from Home Sharpens Focus on Cyber Training
New “edge devices” that are outside of the Defense Department enterprise or that are connecting back into the enterprise are also increasing cyber vulnerabilities, he noted. The trend is prompting the services to develop new cybersecurity technologies, he said. “It’s forcing ... the military to really accelerate focuses on technology and push forward a number of things that otherwise might have been delayed for traditional contracting reasons.”
https://www.nationaldefensemagazine.org/articles/2020/11/24/working-from-home-sharpens-focus-on-cyber-training
 
Space Cybersecurity in the Age of Defending Forward
In particular, cybersecurity plans should protect from unauthorized or malicious access by implementing authentication or encryption measures and aligning best practices with the National Institute of Standards and Technology’s Cybersecurity Framework. Plans should account for supply chain risks by “tracking manufactured products, requiring sourcing from trusted supplies,” and “identifying counterfeit, fraudulent, and malicious equipment.”
https://www.lawfareblog.com/space-cybersecurity-age-defending-forward
 
Anonymous Hacks Uganda Police Website
Anonymous shared the following message via its Twitter account @YouAnonCentral on November 20: "#Uganda: Anonymous has taken down @PoliceUg's website in response to recent violent government repression & killings. "Anonymous calls for police to respect human lives & the freedom of peaceful assembly and protest. #UgandaIsBleeding #ugandanlivesmatter."
https://www.infosecurity-magazine.com/news/anonymous-hacks-uganda-police/
 
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
This recent wave of activity appears to be a continuation of previously reported campaigns that have targeted organizations linked to diplomatic relations between the Vatican and the Chinese Communist Party, as well as entities in Myanmar and groups conducting diplomacy in Africa.
https://www.darkreading.com/attacks-breaches/chinese-apt-group-returns-to-target-catholic-church-and-diplomatic-groups/d/d-id/1339515
 
India bans 43 more Chinese apps over cybersecurity concerns
Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order,” said India’s IT Ministry in a statement.
https://techcrunch.com/2020/11/24/india-bans-another-43-chinese-apps/
 
British telcos may be fined 10% of revenues for using Huawei gear under new law
If the bill is passed, the government said it plans to fine telecoms firms up to 10% of turnover or £100,000 ($133,000) a day if they fail to comply with the rules. Digital Secretary Oliver Dowden said the bill “will give the U.K. one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
https://www.cnbc.com/2020/11/24/british-telcos-face-10-percent-fines-for-using-huawei.html
 
Security Researchers Sound Alarm on Smart Doorbells
A recent review of nearly a dozen inexpensive video doorbells sold via online markets such as Amazon and eBay uncovered multiple security vulnerabilities in each device. The most serious among them was the practice by some of the devices to send Wi-Fi names, passwords, location information, photos, video, email, and other data back to the manufacturer for no obvious reason.
https://www.darkreading.com/iot/security-researchers-sound-alarm-on-smart-doorbells/d/d-id/1339523
 
Pandemics & privacy: Managing employee data risks
Wellness checks, temperature checks, and observation of an employee’s use of PPE, and adherence to physical distance guidelines are measures that many employers consider to be essential. [...] Prior to COVID-19, most businesses were aware of what employee information they could collect, and guidelines for storage security and duration. Amid the current crisis, the lines have blurred. The additional collection of employee information, no matter how temporary the need, could involve regulations that protect employee privacy, such as the Health Insurance Portability and Accountability Act (HIPAA).
https://www.propertycasualty360.com/2020/11/24/privacy-pandemics-managing-employee-data-risks/
 
TrickBot Gets Updated to Survive Takedown Attempts
What’s more, the malware operators appear to have switched to using MikroTik routers as C&C servers, and were observed using an EmerDNS domain as a backup server. According to Bitdefender, the same EmerCoin key used to administer the server is also employed in the administration of C&C servers for the Bazar backdoor. The list of plugin server configurations has seen modifications as well, with Tor plugin services being eliminated and new <psrva> tags (likely obfuscated IPs) added.
https://www.securityweek.com/trickbot-gets-updated-survive-takedown-attempts
 
‘Minecraft Mods’ Attack More Than 1 Million Android Devices
“The frustrated user closes the app, which promptly vanishes. More precisely, its icon disappears from the smartphone’s menu,” the report said. “Because the ‘modpack’ seemed glitchy from the start, most users, especially kids and teens, won’t waste time looking for it.” Forgotten, the app still runs in the background, working overtime to deliver ads.
https://threatpost.com/minecraft-mods-attack-android-devices/161567/
 
The Solomon Islands is Banning Facebook to Preserve ‘National Unity’
Prime Minister Manasseh Sogavare announced the contentious decision last week, and admitted that the ban—which has not yet come into effect—was mainly aimed at young people. He rejected suggestions that the move was an attempt at silencing the nation’s youth, however, insisting that it was in fact intended to protect them from "vile abusive language" online.
https://www.vice.com/en/article/v7mvy8/the-solomon-islands-is-banning-facebook-to-preserve-national-unity
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe

Real people hunt for threats, investigate events, and respond with incident action plans.

Contact us Request a demo