News Desk

Curated cyber security news and updates from Critical Insight™.

Get your cyber security briefing, curated by Mike Hamilton.

Mike Hamilton, founder and CISO of Critical Insight, has decades of experience in the Information Security industry. In that time, he has developed a keen eye for IT news that affects how security professionals approach their jobs and the news that will have meaningful impacts on daily life.

Every weekday, Mike curates the top news stories in cyber security, including the latest breaches, security alerts, and industry developments. Readers describe the news blast as their go-to morning source for the latest in InfoSec.

Latest Cyber Security News Blast

Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 2-26-2021

Cisco Warns of Critical Auth-Bypass Security Flaw
“A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices,” said Cisco on Wednesday. The vulnerability (CVE-2021-1388) ranks 10 (out of 10) on the CVSS vulnerability-rating scale.
https://threatpost.com/cisco-critical-security-flaw/164255/
 
Cyber Attack on Water Supply Is a Wake-up Call for State, Local Governments
Depending on the size of the municipality, local and county governments can often maintain more constituent data than the entire federal government – consider tax records, school enrollment information, licensing data, healthcare records, even criminal backgrounds. [...] Since local governments retain a wealth of personally identifiable information, they have a fiduciary duty – a cyber “Duty of Care” – to safeguard that critical constituent data.
https://www.hstoday.us/subject-matter-areas/infrastructure-security/perspective-cyber-attack-on-water-supply-is-a-wake-up-call-for-state-and-local-governments/
 
Research: Cloud Ransomware Hit Nearly 40% of Healthcare Organizations in 2020
The top consequences of cloud breaches in the healthcare sector were:

  • Unplanned expenses to fix security gaps (24%)
  • Compliance fines (23%) and lawsuits (11%).
  • Most healthcare organizations attribute their cloud security challenges to lack of budget (61%), lack of IT/security staff (56%) and employee negligence (39%).

https://www.msspalert.com/cybersecurity-research/healthcare-findings-netwrix/
 
Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware
Scanning and exploiting vulnerabilities were the most successful entry points into victims’ networks across all sectors, with 35 percent of attacks. Mirroring earlier reports, it’s the first time vulnerability exploits surpassed phishing-based compromises (33 percent).
https://healthitsecurity.com/news/healthcare-cyberattacks-doubled-in-2020-with-28-tied-to-ransomware
 
'A new dimension of fraud': 6 cybersecurity execs weigh in on vaccine data hacks, manipulations and leaks
What if the efficacy of a drug or vaccine is modified due to a run silent, run deep cybersecurity attack? The same scenario could apply to a specific patient. When we detect a "hack" at least we are in a position to respond; what happens when the hack goes undetected and data is modified? 
https://www.beckershospitalreview.com/cybersecurity/a-new-dimension-of-fraud-6-cybersecurity-execs-weigh-in-on-vaccine-data-hacks-manipulations-and-leaks.html
 
This chart shows the connections between cybercrime groups
Cybercrime groups often have complex supply chains, like real software companies, and they regularly develop relationships within the rest of the e-crime ecosystem to acquire access to essential technology that enables their operations or maximizes their profits.
https://www.zdnet.com/article/this-chart-shows-the-connections-between-cybercrime-groups/
 
Npower app attack exposed customers' bank details
"We identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as 'credential stuffing'," the firm said in a statement.
https://www.bbc.com/news/technology-56195631
 
These four new hacking groups are targeting critical infrastructure, warns security company
Some of these new groups have very specific targets – for example, Stibnite focuses on wind turbine companies that generate electric power in Azerbaijan, while Talonite almost exclusively focuses on attempting to gain access to electricity providers in the US.
https://www.zdnet.com/article/these-four-new-hacking-groups-are-targeting-critical-infrastructure-warns-security-company/
 
The Hack Roundup: State Department Cyber Office Clears Committee Amid Push for International Norms
The House Foreign Affairs Committee unanimously approved the creation of a new bureau of international cyberspace policy at the State Department as part of the Cyber Diplomacy Act, a move that could take on more importance in the wake of the massive hack that compromised at least nine federal agencies.
https://www.nextgov.com/cybersecurity/2021/02/hack-roundup-state-department-cyber-office-clears-committee-amid-push-international-norms/172306/
 
DHS’ Mayorkas Announces $25 Million Increase to FEMA Cybersecurity Grants and Future Cyber Plans
Mayorkas also announced he is looking to implement new grant programs through the Cybersecurity and Infrastructure Security Agency (CISA) to support state and local governments, because “the nation’s cybersecurity is only as strong as its weakest link.”
https://www.meritalk.com/articles/dhs-mayorkas-announces-25-million-increase-to-fema-cybersecurity-grants-and-future-cyber-plans/
 
DOJ Indictment Highlights Methods Utilized by State Sponsored Cybercriminal Organization to Attack Major Industry and Government Entities
Importantly, the threat from Lazarus Group members, including the charged defendants, remains ongoing. While DOJ also announced that a Canadian-American citizen had pled guilty to a money laundering charge stemming from related conduct, the charged defendants all remain fugitives and the Lazarus Group’s involvement in state sponsored cyberattacks is expected to continue in the future.
https://www.jdsupra.com/legalnews/doj-indictment-highlights-methods-8824730/
 
The Latest North Korea Cyber Indictment Should Serve as a Model
Since they can address only past behavior, criminal indictments should be coupled with prospective action in order to mitigate ongoing or future actions by the indicted actors or their organizations. In this case, a federal advisory alert detailing the malware currently used by North Korean hackers to target cryptocurrency exchanges accompanied the DOJ indictment.
https://www.justsecurity.org/74930/the-latest-north-korea-cyber-indictment-should-serve-as-a-model/
 
'A reckoning is near': America has a vast overseas military empire. Does it still need it?
"It was designed for a world that still faced another military hegemon," Parsi said. "Now, pandemics, climate chaos, artificial intelligence and 5G are far more important for American national security than having 15 bases in the Indian Ocean."
https://www.usatoday.com/in-depth/news/world/2021/02/25/us-military-budget-what-can-global-bases-do-vs-covid-cyber-attacks/6419013002/
 
These states are on track to pass data privacy laws this year
2021 could be the year that privacy laws become more pervasive across the country, helping Americans wrest back some of the aspects of their digital lives. Here’s a rundown of other state-level privacy laws beyond those in Illinois and California, plus the bills that could be passed into law this year.
https://www.fastcompany.com/90606571/state-data-privacy-laws-2021
 
Code-execution flaw in VMware has a severity rating of 9.8 out of 10
Within a day of VMware issuing a patch, proof-of-concept exploits appeared from at least six different sources. The severity of the vulnerability, combined with the availability of working exploits for both Windows and Linux machines, sent hackers scrambling to actively find vulnerable servers.
https://arstechnica.com/information-technology/2021/02/armed-with-exploits-hackers-on-the-prowl-for-a-critical-vmware-vulnerability/
 
Cryptocurrency exchange in liquidation due to hack, hacked again
The ironic part is that Cryptopia is currently in liquidation, and it has been hacked twice. The company was placed on liquidation in May 2020. According to a New Zealand High Court judge, Justice David Gendall’s ruling on April 8, the account holders own Cryptopia’s remaining crypto-assets instead of the exchange.
https://www.hackread.com/cryptocurrency-exchange-liquidation-hacked-again/
 
Malicious Mozilla Firefox Extension Allows Gmail Takeover
Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known advanced persistent threat (APT) group that researchers believe to be aligned with the Chinese state. The group behind this attack aims to gather information on victims by snooping in on their Firefox browser data and Gmail messages, said researchers.
https://threatpost.com/malicious-mozilla-firefox-gmail/164263/
 
How $100M in Jobless Claims Went to Inmates
A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5 billion in fraudulent jobless benefits — nearly two-thirds of the phony claims it reviewed — was paid out to individuals with Social Security numbers filed in multiple states. Almost $100 million went to more than 13,000 ineligible people who are currently in prison.
https://krebsonsecurity.com/2021/02/how-100m-in-jobless-claims-went-to-inmates/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337
