News Desk

Curated cybersecurity news and updates from CI Security™.

Get your cybersecurity briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of CI Security, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cybersecurity, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Sign up for the Daily Blast and get it delivered early weekday mornings, just in time for your first cup of coffee.

Latest Cybersecurity News Blast

IT Security News Blast – 4-2-2020

Top Email Protections Fail in Latest COVID-19 Phishing Campaign
The emails evade basic security checks and user common sense in a number of ways, to circumvent detection and steal the user’s Microsoft log-in credentials, he said. They also don’t include specific names or greetings in the body of the messages, suggesting they are being sent out to a broad target audience, according to Cofense. “While these secure email gateways (SEGs) are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack we recently observed,” Mahdavi wrote in the post.
https://threatpost.com/top-email-protections-fail-covid-19-phishing/154329/
 
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers. [...] Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.
https://thehackernews.com/2020/04/backdoor-.html
 
Ex-NSA hacker drops new zero-day doom for Zoom
Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone. Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, dropped the two previously undisclosed flaws on his blog Wednesday, which he shared with TechCrunch.
https://techcrunch.com/2020/04/01/zoom-doom/
 
Microsoft warns hospitals of sophisticated ransomware attacks targeting remote workforce
As healthcare organizations move their non-essential employees to work remotely during the COVID pandemic, ransomware operators are trying to find vulnerabilities in network devices like gateway and virtual private network (VPN) appliances. Through Microsoft’s network of threat intelligence sources, the tech giant identified several dozen hospitals with vulnerable gateway and VPN appliances in their infrastructure, Microsoft's Threat Protection Intelligence Team wrote in a blog post on Wednesday.
https://www.fiercehealthcare.com/tech/microsoft-warns-hospitals-sophisticated-ransomware-attacks-targeting-remote-workforce
 
Cloud Services Providers: Please Make Healthcare A Priority
Yesterday, we heard that cloud service providers (CSPs) were starting to ration services. One hospital IT systems administrator reported that they were told by a CSP they had come to rely on for immediate capacity availability that their requests would be cut back. The reason: All of the CSP’s large customers were placing unforeseen demands on their systems. In essence, the CSP had begun rationing its resources.
https://www.forbes.com/sites/johnwebster/2020/04/01/make-healthcare-a-cloud-priority/#296207c075dd
 
Kaspersky Makes Security Products Free for Healthcare Institutions Amid #COVID19 Pandemic
“Doctors, nurses and all medical staff take on most of the load and therefore need any support possible. We feel that it is our duty to support the medical community.” “In order to help these organizations focus on what matters most, we now offer healthcare institutions free licenses for key Kaspersky corporate products for a six-month period.”
https://www.infosecurity-magazine.com/blogs/kaspersky-products-healthcare/
 
Hackers target health care AI amid coronavirus pandemic
“Obviously any disruption or denial of service of any type of medical health technology which interrupts patient care is definitely a significant issue,” said John Riggi, the senior adviser for cybersecurity and risk at the American Hospital Association (AHA). “Worst-case scenario, life-saving medical devices may be rendered inoperable.”
https://thehill.com/policy/cybersecurity/490260-hackers-target-health-care-ai-amid-coronavirus-pandemic
 
Accenture: fintech, cybersecurity and how to manage risk
  • Evolving targets: data is no longer the only target according to Accenture. Rather, companies worldwide are seeing their core systems - control systems and infrastructure - being hacked, which can lead to greater disruption.
  • Evolving impact: it’s no longer just about theft. For example, cyberattacks are changing approach from simply stealing data to destroying or altering it to create distrust. Today, data integrity itself is vulnerable.
  • Evolving techniques: attack methods are adapting quickly. Accenture found a focus on “the human layer” that targets the weakest link - people - through phishing and malicious insiders.
https://www.fintechmagazine.com/fintech/accenture-fintech-cybersecurity-and-how-manage-risk
 
Cybersecurity Breaches Threaten Advisors Who Work From Home
Advisors need to use multi-factor authentication for their clients and themselves for email and for access to the advisory firms’ web portals, he said. Virtual private networks (VPN) can add a layer of security but VPNs also can slow down the internet service, he added. Once an advisor makes the switch to working at home, he or she needs to change the default password on the computer router, he said.
https://www.fa-mag.com/news/security-breaches-threaten-home-offices-54968.html
 
Managing Escalation Under Layered Cyber Deterrence
Endemic competition is critical to creating the conditions for conflict and escalation. Without the competitive and interactive context, there is no dilemma, only action without reaction. Therefore, understanding the dynamics of international conflict and diplomacy outside of the cyber domain is critical to estimating the probability of escalation within cyberspace.
https://www.lawfareblog.com/managing-escalation-under-layered-cyber-deterrence
 
North Korea-linked Geumseong121 APT group is sending spear-phishing emails to target people interested in North Korean refugees
"Based on the samples we collected, the campaign's decoy documents used the file formats DOC, XLS, and HWP, the Korean government standard word processor format, targeting the users in South Korea." The researchers said the new campaign by Geumseong121 suggests that the group is trying to make a comeback following a setback in December when Microsoft seized nearly 50 malicious domains used by the group in spear-phishing campaigns.
https://www.computing.co.uk/news/4013418/north-korea-linked-geumseong121-apt-group-sending-spear-phishing-emails-target-people-north-korean-refugees
 
Study looks at how Russian troll farms are politicizing vaccines
One divisive area they've latched on to is vaccination, which has been the subject of numerous public controversies of late. But, while it was clear Russian trolls were talking about vaccines on social media, it wasn't clear what they hoped to accomplish. A new study suggests their goals are twofold and create the risk of politicizing an issue that has largely been free of partisan politics. The results provide a preview of where we might be going with coronavirus misinformation and why things might get worse once a vaccine becomes available.
https://arstechnica.com/science/2020/04/study-looks-at-how-russian-troll-farms-are-politicizing-vaccines/
 
The Sinicization of Russia’s Cyber Sovereignty Model
In recent years, Russia has actively mimicked China in its implementation of cyber sovereignty. [...] In 2018, Russia proposed a resolution at the United Nations General Assembly, which some argue legitimizes state surveillance and censorship through its emphasis on sovereignty and non-interference in the internal affairs of countries—terms which have been used by governments to cover up measures that infringe on human rights online.
https://www.cfr.org/blog/sinicization-russias-cyber-sovereignty-model
 
Zoom issues: People hijacking streams, possible security flaws
This new Mac vulnerability can work similarly to a malicious app uploaded onto your phone to get inside a banking app and control it, says Zack Allen, director of threat intelligence at cybersecurity firm ZeroFOX. Another weakness could let an attacker get access to your online meeting and send messages to attendees that, if clicked, would install malware on your computer, he says. 
https://www.usatoday.com/story/tech/2020/04/01/zoom-demand-zooms-but-problems-coronavirus-drives-stay-home-video-chats-zoom-has-issues-beyond-deman/5102150002/
 
Attackers Leverage Excel File Encryption to Deliver Malware
The typical modus operandi has been to hide malware in an Excel file, encrypt the file using a password, and then distribute the malware via phishing emails with the password included in the content. Users who are tricked into opening the encrypted Excel file with the provided password end up downloading malware on their systems.
https://www.darkreading.com/attacks-breaches/attackers-leverage-excel-file-encryption-to-deliver-malware/d/d-id/1337468
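The trick works because a password-protected .xlsx is not the plain ZIP that an unencrypted workbook is: Office wraps the encrypted package in an OLE2 compound file containing EncryptionInfo and EncryptedPackage streams, and a gateway that cannot open the file cannot scan the macro inside it. The message itself, though, still has to carry the password in clear text, so the combination of "encrypted Office container attached" plus "password handed over in the body" is a usable triage signal. The following mail-triage heuristic is an added example written for this blast, not code from the Dark Reading article or from any vendor; the attachment bytes and message bodies are constructed for the demonstration, and the password-phrase regex is an assumption to be tuned against real mail.

```python
import re
from typing import List

# Magic bytes of an OLE2 / Compound File Binary (CFB) container. Legacy
# binary .xls files use it, and so does a password-protected .xlsx/.xlsm:
# Office stores the encrypted ZIP inside a CFB file with "EncryptionInfo"
# and "EncryptedPackage" streams.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# CFB directory entries store stream names as UTF-16LE, so the names can be
# searched for as raw byte patterns. This is a heuristic, not a CFB parser.
ENCRYPTED_PACKAGE = "EncryptedPackage".encode("utf-16-le")
ENCRYPTION_INFO = "EncryptionInfo".encode("utf-16-le")

# Phrases a lure uses to hand the victim the password (assumed pattern,
# tune against your own mail corpus).
PASSWORD_HINT = re.compile(
    r"\b(?:password|passcode|pin)\b\s*(?:is|:|=)\s*\S+", re.IGNORECASE)


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-encrypted', 'ole', 'zip' or 'other' for one attachment."""
    if data.startswith(OLE_MAGIC):
        if ENCRYPTED_PACKAGE in data and ENCRYPTION_INFO in data:
            return "ooxml-encrypted"
        return "ole"          # plain .xls/.doc, or legacy-format encryption
    if data.startswith(ZIP_MAGIC):
        return "zip"          # unencrypted .xlsx/.docx are ordinary ZIPs
    return "other"


def is_password_lure(body: str, attachments: List[bytes]) -> bool:
    """Flag a message that ships an encrypted Office file together with
    the password needed to open it: the pattern in the article."""
    ships_encrypted = any(classify_attachment(a) == "ooxml-encrypted"
                          for a in attachments)
    return ships_encrypted and PASSWORD_HINT.search(body) is not None


# --- constructed samples for the demonstration (not real files or malware) ---
# CFB magic followed by directory-entry-style UTF-16LE stream names; enough
# to exercise the heuristic, not a loadable workbook.
FAKE_ENCRYPTED_XLSX = (OLE_MAGIC + b"\x00" * 504 + ENCRYPTION_INFO
                       + b"\x00" * 40 + ENCRYPTED_PACKAGE)
FAKE_PLAIN_XLSX = ZIP_MAGIC + b"\x14\x00\x00\x00" + b"[Content_Types].xml"

PHISH_BODY = "Please review the attached invoice. The password is Inv0ice2020."
BENIGN_BODY = "Attached is the Q1 summary we discussed on the call."

if __name__ == "__main__":
    print(is_password_lure(PHISH_BODY, [FAKE_ENCRYPTED_XLSX]))   # True
    print(is_password_lure(BENIGN_BODY, [FAKE_PLAIN_XLSX]))      # False
```

The string search only covers the OOXML (Office 2007+) encryption wrapper; a legacy .xls protected with a password keeps its Workbook stream and signals encryption with a FilePass record inside it, which this check does not look for. For production use, walk the CFB directory with a real parser (for example olefile) instead of searching the raw bytes, and treat the flag as a reason to quarantine and open the file in a sandbox with the supplied password, not as a verdict on its own.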
 
Cybercriminals targeting Zoom, Google and Teams domains
Cyber gangs have also noted and are taking advantage of the increase in online learning with K-12 and universities opting to continue teaching remotely. This has resulted in domains using Google Classroom in some manner being created replacing googleclassroom.com with googloclassroom[.]com and googieclassroom[.]com.
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/cybercriminals-targeting-zoom-google-and-teams-domains/
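The two squats in the article are each one character away from the real name, and one of them (googieclassroom) relies on "i" passing for "l" at a glance. Both cases fall out of a watch-list check that folds visually confusable characters before comparing and then applies a small edit-distance budget. The following checker is an added example for this blast, not code from SC Magazine or from any registrar feed; the brand list, the confusable-character table and the candidate domains are constructed for the demonstration, and the last-label extraction assumes a single-label public suffix (use a Public Suffix List library for real feeds).

```python
from typing import Dict, List, Optional

# Look-alike characters a squatter swaps in. First character of each group
# is the canonical form. Constructed table; extend for your own brands.
CONFUSABLE_GROUPS = ["o0", "il1", "e3", "a4", "s5", "g9", "t7", "b8", "z2"]


def _canonical_map() -> Dict[str, str]:
    canon = {}
    for group in CONFUSABLE_GROUPS:
        for ch in group:
            canon[ch] = group[0]
    return canon


CANON = _canonical_map()


def fold_confusables(label: str) -> str:
    """Collapse look-alikes so 'googieclassroom' and 'zoorn' compare equal
    to 'googleclassroom' and 'zoom'."""
    label = label.lower().replace("rn", "m").replace("vv", "w")  # 2-char homoglyphs
    return "".join(CANON.get(c, c) for c in label)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert / delete / substitute), iterative DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """'www.googieclassroom.com' -> 'googieclassroom'. Assumes a single-label
    public suffix; 'example.co.uk' would need a PSL lookup."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalike_for(domain: str, brands: List[str],
                  max_distance: int = 1) -> Optional[str]:
    """Return the brand a domain impersonates, or None if it looks unrelated."""
    label = registrable_label(domain)
    folded_label = fold_confusables(label)
    for brand in brands:
        if label == brand:
            return None                      # the legitimate name itself
        folded_brand = fold_confusables(brand)
        if folded_label == folded_brand:     # homoglyph swap only
            return brand
        if edit_distance(label, brand) <= max_distance:   # typo squat
            return brand
        if len(brand) >= 4 and folded_brand in folded_label:  # 'z00m-meeting'
            return brand
    return None


def scan(candidates: List[str], brands: List[str]) -> Dict[str, str]:
    """Map each flagged domain to the brand it resembles."""
    hits = {}
    for domain in candidates:
        brand = lookalike_for(domain, brands)
        if brand is not None:
            hits[domain] = brand
    return hits


BRANDS = ["googleclassroom", "zoom", "microsoft"]

# Constructed candidate list, as a newly-registered-domains feed might deliver it.
CANDIDATES = ["googloclassroom.com", "googieclassroom.com", "zoorn.us",
              "z00m-meeting.net", "example.org", "googleclassroom.com"]

if __name__ == "__main__":
    for domain, brand in scan(CANDIDATES, BRANDS).items():
        print(f"{domain:24s} resembles {brand}")
```

The substring rule is what catches brand-prefixed registrations such as z00m-meeting, and it is also the noisiest part: short brand names will match inside unrelated words, so keep the length guard and review hits from that rule by hand before acting on them. Run the scan against a newly-registered-domain feed or certificate-transparency logs, and route the hits into your proxy and mail blocklists rather than relying on users to spot the swapped letter.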
 
8 Infosec Page-Turners for Days Spent Indoors
In times like these, it helps to unwind with a good read. Here, we've rounded up some recommendations for infosec books that have appeared on shelves in the past couple of years. This weekend, we suggest you use some of that downtime to dive into one of these reads.
https://www.darkreading.com/attacks-breaches/8-infosec-page-turners-for-days-spent-indoors/d/d-id/1337375


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337