Critical Response
+1 800 604 4810

News Desk

Curated cyber security news and updates from Critical Insight™.

Get your cyber security briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of Critical Insight, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cyber security, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Sign up for the Daily Blast and get it delivered early weekday mornings, just in time for your first cup of coffee.

Latest Cyber Security News Blast

Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-5-2021

Hafnium: Detecting and Mitigating Microsoft Exchange Compromise
Over the past 24 hours, it has become clear just how many organizations have been impacted. The attack against on-premise Microsoft Exchange Servers from Hafnium is widespread and continuing. Today, we sent a communication to our customers with indicators, how to search for evidence of a webshell, what to do if found, and links to patches and other tools. We are sharing that customer communication; the link is a PDF with the security alert and action items from CI's Deputy CISO, John-Luke Peck.
https://www.ci.security/resources/news/article/how-to-handle-the-hafnium-threat-to-microsoft-exchange
 
CISA Orders Federal Agencies to Patch Exchange Servers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, warning that its partners have observed active exploitation of the bugs in Microsoft Exchange on-premises products, which allow attackers to have “persistent system access and control of an enterprise network.”
https://threatpost.com/cisa-federal-agencies-patch-exchange-servers/164499/
 
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
 
Cybercriminals post health system employee information online
According to NBC News, the group stole sensitive employee files from Rehoboth McKinley Christian Health Care Services and posted them to its website, seemingly in an attempt to extort payment. The files reportedly included job applications and background check authorizations that included Social Security numbers.
https://www.healthcareitnews.com/news/cyber-criminals-post-health-system-employee-information-online
 
100K Patients Impacted by Cochise Eye and Laser Ransomware Attack
However, some information was deleted during the security incident, which rendered it impossible to access any data in the scheduling system. The impacted data could include patient names, dates of birth, contact details, and some Social Security numbers stored within the billing software.
https://healthitsecurity.com/news/100k-patients-impacted-by-cochise-eye-and-laser-ransomware-attack
 
HIPAA Security Requirements: What They Really Mean
“[N]othing in HHS’s regulation says that a covered entity’s failure to encrypt three devices means that it never implemented “a mechanism” to encrypt anything at all. … The regulation requires only “a mechanism” for encryption. It does not require a covered entity to warrant that its mechanism provides bulletproof protection of “all systems containing ePHI.”
https://securityboulevard.com/2021/03/hipaa-security-requirements-what-they-really-mean/
 
Scammers impersonate execs to target big payout of investor dollars
Researchers have spotted a new business email compromise (BEC) trend that, if perfected, could represent a significant social engineering threat to the financial investment and private equity community. The scammers are impersonating c-level executives and instructing accounts payable employees to complete a capital call transaction to a fraudulent bank account.
https://www.scmagazine.com/home/email-security/scammers-impersonate-execs-to-target-big-payout-of-investor-dollars/
 
The integration of small business cybersecurity protection and cyber insurance: An emerging trend in 2021
In this situation both parties win: Insurers lower their overall risk by vetting and utilizing the latest technology to reduce the likelihood of an attack, and small business owners no longer need to navigate this complex landscape to determine the correct technology and policy that will cover them in the event of a breach. 
https://www.securitymagazine.com/articles/94746-the-integration-of-small-business-cybersecurity-protection-and-cyber-insurance-an-emerging-trend-in-2021
 
Cyber insurance rates to increase 20-50% this year: Aon
“To maintain a commitment to long-term stable cyber capacity, insurers are reviewing areas in their portfolio where underwriting action is needed, and reevaluating capacity deployment, specifically as it relates to ransomware losses,” the report said.
https://www.businessinsurance.com/article/20210304/NEWS06/912340248/Cyber-insurance-rates-to-increase-20-50-this-year-Aon
 
Cyber insurance: How it has evolved and what lies ahead
“Going forward, we’re working with markets globally to determine how they will approach physical losses (i.e., property damage) if caused by a cyber incident under cyber insurance policies. Very much a work in progress here as a whole industry,” he continued.
https://www.insurancebusinessmag.com/nz/news/breaking-news/cyber-insurance-how-it-has-evolved-and-what-lies-ahead-248373.aspx
 
Biden makes cybersecurity ‘top priority’ in national security guidance
White House Press Secretary Jen Psaki told reporters in a press briefing Wednesday that the guidance communicates the administration’s central priorities for national security policy and seizes on a “once-in-a-generation opportunity to renew America’s advantages at home and abroad.”
https://federalnewsnetwork.com/cybersecurity/2021/03/biden-makes-cybersecurity-top-priority-in-national-security-guidance/
 
Biden’s Pick For Defense Policy Chief Outlines Cyber Deterrence Position
“We need a mix of deterrence by punishment—that is the ability to retaliate in cyberspace and other domains against those who attack us,” Kahl said. He later added this can include actions in cyberspace but also activities like sanctions and diplomatic isolation. “We have to be able to defend our networks.
https://www.nextgov.com/cybersecurity/2021/03/bidens-pick-defense-policy-chief-outlines-cyber-deterrence-position/172457/
 
Report: Russian hackers exploit Lithuanian infrastructure
The annual national security threat assessment report claimed that, among others, the Russian cyber-espionage group APT29 with alleged links to Russia’s intelligence services “exploited” Lithuania’s information technology infrastructure “to carry out attacks by APT29 against foreign entities developing a COVID-19 vaccine.”
https://fredericksburg.com/news/world/report-russian-hackers-exploit-lithuanian-infrastructure/article_f132f72a-c9b9-5058-8645-adc239968391.html
 
Russia-Iran intelligence pact
While information security and cyber security are the agreement’s main objectives, scholars of intelligence studies are well aware of the close connection between information security and counterintelligence. Many would argue that information security is indeed the main objective of counterintelligence (or “intelligence protection,” to use the Islamic regime’s term).
https://www.jns.org/opinion/the-russia-iran-intelligence-pact/
 
Privacy Bill Essentials: Illinois
A new data protection and privacy bill has been introduced in Illinois. This comprehensive bill, titled Consumer Privacy Act (ICPA), would provide more explicit notice and extended rights on what consumers can do with the categories and specific pieces of personal information that a business collects.
https://www.jdsupra.com/legalnews/privacy-bill-essentials-illinois-6043571/
 
Progress towards gender equality in cyber still slow
Ahead of International Women’s Day on 8 March 2021, CIISec’s research paints a disappointing picture of progress around equality in the sector, with 47% of respondents saying that had experienced or observed blatant misogyny that went undisciplined, while 61% said a lack of self-confidence was holding them back, and 50% did not believe they had the needed skills to move to more advanced roles.
https://www.computerweekly.com/news/252497260/Progress-towards-gender-equality-in-cyber-still-slow
 
Google Patches Actively Exploited Flaw in Chrome Browser
Beyond Google noting that it “is aware of reports that an exploit for CVE-2021-21166 exists in the wild,” further information about the glitch is unavailable. That’s because “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” according to Google.
https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/
 
Would you let users vouch for unknown software's safety with an upvote? Google does
Google has revealed that its internal anti-malware tools include a “social voting” scheme that lets staff vouch for code they want to install won’t do any damage. The ad and search giant’s rationale is that blocking all unknown software works but may limit productivity, while blocking only known unsafe software requires a lot of vetting.
https://www.theregister.com/2021/03/04/google_malware_upvote/
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe

Real people hunt for threats, investigate events, and respond with incident action plans.

Contact us Request a demo