News Desk

Curated cybersecurity news and updates from CI Security™.

Get your cybersecurity briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of CI Security, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cybersecurity, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Sign up for the Daily Blast and get it delivered early weekday mornings, just in time for your first cup of coffee.

Get curated cybersecurity news delivered to your inbox.




Latest Cybersecurity News Blast

CI Security

IT Security News Blast – 12-12-2019

Microsoft Zaps Actively Exploited Zero-Day Bug

CVE-2019-1458 is an elevation-of-privilege vulnerability in Win32k, which has a live zero-day exploit circulating in the wild. The exploit allows attackers to gain higher privileges on the attacked machine and avoid protection mechanisms in the Google Chrome browser, researchers said. “An attacker could exploit the flaw to execute arbitrary code in kernel mode on the victim’s system,” said Satnam Narang, senior research engineer at Tenable, via email. “From there, the attacker could perform a variety of actions, such as creating a new account with full user rights, installing programs, and viewing, changing or deleting data.”

https://threatpost.com/microsoft-actively-exploited-zero-day-bug/150992/

 

US senators on encryption back doors: “We will impose our will” on Apple and Facebook

“My advice to you is to get on with it," Senator Lindsey Graham told the Silicon Valley giants at today’s Senate Judiciary Committee hearing. “Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.” [...] It's an easy and powerful soundbite for Graham, but actually passing a law on back doors will be a battle with no sure winner. Several lawmakers hinted that Congress won’t accomplish much on this front within the next year.

https://www.technologyreview.com/f/614906/us-senators-on-encryption-backdoors-we-will-impose-our-will-on-apple-and-facebook/

 

In Weekend Outage, Diabetes Monitors Fail to Send Crucial Alerts [Registration]

[Around] midnight on Friday, Dexcom suffered a mysterious service outage, leaving thousands of people who rely on the device for critical information in the dark. Many parents who woke up on Saturday morning and learned about the outage hours after it began had to scramble to make sure their children were safe. The affected service, Dexcom Follow, had been partly restored by Monday morning, a company spokesman said. [...] It was not the first time the service went dark: Dexcom experienced a similar outage less than a year ago, on Dec. 31, which it resolved within a day.

https://www.nytimes.com/2019/12/02/well/live/Dexcom-G6-diabetes-monitor-outage.html

 

New Ransomware Spotted Targeting Health, Tech Orgs Via Supply Chain

“Zeppelin appears to be highly configurable and can be deployed as an EXE, DLL, or wrapped in a PowerShell loader,” researchers explained. “The samples are hosted on water-holed websites, and in the case of PowerShell, on Pastebin.” What’s more, the researchers believe that at least some of these attacks were launched through managed security services providers (MSSPs). The attacks bear similarities to another healthcare-heavy threat actor known as Sodinokibi, which typically targets IT managed service providers.

https://healthitsecurity.com/news/new-ransomware-spotted-targeting-health-tech-orgs-via-supply-chain

 

Data protection in the healthcare sector

SHiELD aims to create an open and extendable security architecture (OpenNCP) supported by security mechanisms and privacy by design modelling and analysis tools to provide systematic protection for the storage and exchange of health data across European borders, subject to control by the data subjects, compatible with existing regulatory frameworks, ensuring the privacy, availability and correctness of the data while improving the trust of patients in the security of their data and its use to address their needs3.

https://www.openaccessgovernment.org/data-protection-in-the-healthcare-sector/79169/

 

SWIFT Fraud On the Rise According to EastNets Survey Report

[The] problem of SWIFT fraud may be more widespread and dangerous than originally thought. In the aftermath of the epic $81 million SWIFT fraud attack on Bangladesh Bank in 2016, the SWIFT interbank messaging platform immediately put new safeguards in place in order to neutralize risk. However, EastNets surveyed 200 banks worldwide and found that 4 in 5 of these banks had experienced at least one SWIFT fraud attempt since 2016, and the problem appears to be growing on an annual basis.

https://www.cpomagazine.com/cyber-security/swift-fraud-on-the-rise-according-to-eastnets-survey-report/

 

The Securities and Exchange Commission wants bad guys to know: ‘We’re watching’

They even get involved in cyber security issues. They forced the Options Clearing Corp. — the only clearing agency for exchange listed options contracts on equities — to pay a $15 million fine because it wasn’t doing adequate financial risk management and system security. Altogether, the SEC brought 862 enforcement actions and obtained judgments and orders totaling more than $4.3 billion in disgorgement and penalties in fiscal 2019. And $1.2 billion has been returned to harmed investors.

https://www.cnbc.com/2019/12/11/the-sec-wants-bad-guys-to-know-were-watching.html

 

Cyber attacks probing deeper into computers

The report, authored by Dell’s vice-president of security and client solutions David Konetski, says attackers are now reaching into the BIOS, or basic input/output system. When a computer boots up, the central processing unit communicates with that chip in the motherboard. The chip “acts as the gate to all the computer’s hardware and it gives the commands for how each piece of hardware is supposed to behave and interact,” the report said.

https://biv.com/article/2019/12/cyber-attacks-probing-deeper-computers

 

Political volatility trumps cybersecurity as 2020’s top risk

The DTCC reported that this is the first time in seven years that cyber risk has not taken top spot in its annual industry risk survey. Instead, this year, 23% of respondents pointed to geopolitical risks and trade tensions as their top concern, edging out cyber threats at 22%. “Respondents cited concerns about potential impacts on macroeconomic conditions and growth as well as heightened market volatility,” DTCC reported. The other top concerns in this year’s survey include a U.S. economic slowdown, Brexit and the prospect of an economic slump in Asia.

https://www.investmentexecutive.com/news/research-and-markets/political-volatility-trumps-cybersecurity-as-2020s-top-risk/

 

Iranian bank cyber attack leaves 15 million customers' details online

The details of approximately 15 million Iranians were published on the social media platform Telegram. Although Iran has been involved in a cyber war against the United States and Israel in the past, the country’s government claimed that the breach is not the work of foreign agents. Iran’s Minister of Information and Communications Technology, Mohammad-Javad Azari Jahromi, responded that the attack was the work of a “disgruntled contractor who had access to the accounts and had exposed them as part of an extortion attempt,” according to the Times.

https://www.jpost.com/Middle-East/Iran-News/Iranian-bank-cyber-attack-leaves-15-millions-customers-details-online-610567

 

Iran says it's defused large cyberattack on infrastructure

Iran's telecommunications minister announced on Wednesday that the country has defused a massive cyberattack on unspecified “electronic infrastructure" but provided no specifics on the purported attack. According to the official IRNA news agency, Mohammad Javad Azari Jahromi said the “security attack was very large” and that authorities were investigating its exact dimensions. [...] It was not clear if the reported attack caused any damage or disruptions in Iran's computer and internet systems, and whether it was the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the other.

https://abcnews.go.com/International/wireStory/iran-defused-large-cyberattack-infrastructure-67651205

 

Wassenaar targets cyber-warfare systems, communications surveillance with new rules

The multilateral export control organisation, the Wassenaar Arrangement, held its annual plenary meeting of member states on 4–5 December, and launched new export control measures that will be cascaded into legislation by member states. Under the new provisions to Military List item 21, software designed or modified for the conduct of military offensive cyber operations will be controlled as a military technology and subject to stringent controls by participating states.

https://www.janes.com/article/93116/wassenaar-targets-cyber-warfare-systems-communications-surveillance-with-new-rules

 

WADA Urged To Remain Vigilant For Malicious Activity Following Russia Ban, Cyber Experts Warn

Now that Russia has been banned once more, WADA and the competitions Russia has been banned from, such as the FIFA World Cup, need to remain vigilant. In the run up to Russia's probable appeal of the ban, the likes of IOC, FIFA, WADA, CAS and other organisations working closely with the 2020 Olympics and the 2022 World Cup, as well as groups safeguarding athletes’ personal information, need to remain cognizant of the range of these attacks and attempt to proactively address them.

https://www.informationsecuritybuzz.com/expert-comments/wada-urged-to-remain-vigilant-for-malicious-activity-following-russia-ban-cyber-experts-warn/

 

Cyber Security: Revisiting the Questions the Board Should Ask

The last decade has undoubtedly be a decade of realisation for senior executives around cyber security: This is no longer about risk (things which may or may not happen) or compliance (boxes to tick and unnecessary bureaucracy): The “When-Not-If” paradigm has changed the game. And with it the focus of the Board has shifted towards execution, very often in exchange of significant investments in cyber security – in particular where initial maturity levels were low. This is no longer about understanding what’s being done against cyber threats, it’s about getting it done, and getting it done now.

https://www.business2community.com/cybersecurity/cyber-security-revisiting-the-questions-the-board-should-ask-02266153

 

How to protect airplanes from hackers

“Limited or ineffectual information sharing is leading to opacity of risk among stakeholders, and arguably obfuscates the scale of the aviation-cybersecurity challenge and the way forward,” the authors wrote. In addition to reworking aviation standards to encourage information sharing, they also recommended that all aviation contracts include cybersecurity provisions addressing issues such as vulnerability management and risk assessment.

https://www.politico.com/newsletters/morning-cybersecurity/2019/12/11/how-to-protect-airplanes-from-hackers-783575

 

Intel’s SGX coughs up crypto keys when scientists tweak CPU voltage

Plundervault, as the attack has been dubbed, starts with the assumption that an attacker is able to run privileged software on a targeted computer. While that's a lofty prerequisite, it's precisely the scenario Intel's SGX feature is designed to protect against. The chipmaker bills SGX as a private region that uses hardware-based memory encryption to isolate sensitive computations and data from malicious processes that run with high privilege levels. Intel goes as far as saying that "Only Intel SGX offers such a granular level of control and protection."

https://arstechnica.com/information-technology/2019/12/scientists-pluck-crypto-keys-from-intels-sgx-by-tweaking-cpu-voltage/

 

Failure to secure IoT networks has far-reaching consequences, and transportation is a bullseye target

Recent reports estimate that 250 million IoT-enabled vehicles will be on the road by 2020 as demand for tools like smart driving assistance, car monitoring and geolocation services, predictive maintenance, improved fleet management, and more, continue to rise. Although these tools offer both consumers and businesses exciting new conveniences, millions of connected vehicles means millions of new targets for cyberattacks. The 2019 Sonic Wall Cyber Threat Report indicated that 32.7 million cyberattacks targeting IoT devices occurred in 2018—a 217.5% increase over 2017[.]

https://www.scmagazine.com/home/opinion/executive-insight/failure-to-secure-iot-networks-has-far-reaching-consequences-and-transportation-is-a-bullseye-target/

 

Only Half of Malware Caught by Signature AV

In the past quarter, the share of malware using these obfuscation techniques has jumped to 50% of malicious programs detected at the edge of the network, bypassing common antivirus engines, the company found. Dubbed "zero-day malware," these attacks demonstrate how attackers have adapted to the decades-old signature-based antivirus scanning technology, says Corey Nachreiner, chief technology officer at WatchGuard Technologies.

https://www.darkreading.com/threat-intelligence/only-half-of-malware-caught-by-signature-av/d/d-id/1336577

 

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services without loading most of the third-party startup programs, including antivirus software. Snatch has been active since at least the summer of 2018, but SophosLabs researchers spotted the Safe Mode enhancement to this ransomware strain only in recent cyber attacks against various entities they investigated.

https://thehackernews.com/2019/12/snatch-ransomware-safe-mode.html

 

Chrome will now warn you if your password's been stolen as soon as you type it in

Within the next few weeks Chrome will roll out a feature that lets you know immediately with a pop-up if you enter a password that's been compromised somewhere, and prompts you to change it everywhere you use it. [...] Chrome's also adding more real-time phishing protections in a similar vein, with predictive phishing warnings for all users, as well as slightly more prominent user badges in the toolbar to make it clearer whose account you're logged into.

https://mashable.com/article/google-chrome-password-data-compromise-feature/

 

Cyber attack targets computer systems at PRIDE, the Florida outfit that uses prison labor

PRIDE Enterprises, a Brandon operation that runs state prison work programs, has been locked out of its computer systems in what it called a potential criminal attack. Employees first noticed the problem on Saturday, and workers there have been unable to access payroll records, email, customer and vendor lists and other day-to-day back end systems. They can’t make financial transactions and the PRIDE’s website is down. [...] Inmates logged more than 3 million hours working for PRIDE last year, earning $1.1 million in wages. That comes out to about 37 cents an hour.

https://www.tampabay.com/florida-politics/buzz/2019/12/11/cyber-attack-targets-computer-systems-at-pride-the-florida-outfit-that-uses-prison-labor/



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast

Real people hunt for threats, investigate events, and respond with incident action plans.

Contact us Request a demo