CI Security

IT Security News Blast – 11-29-2018

Do You Really Need a Penetration Test?
We often hear from clients that they think they need a penetration test—but they aren’t really sure why. While there are plenty of legitimate reasons to justify a pentest, sometimes it doesn’t make sense from a business and ROI perspective. My long-term colleague and fellow founder of CI Security, Fred Langston, EVP of Professional Services, oversees the penetration testing engagements at CI Security, and authored this article to demystify pentesting. After years in the industry, he’s learned that pentest vendors like to sell their customers more pentests—even if that’s not what the client needs. Instead of letting your vendor sell something you don’t necessarily need right now, learn to identify the real triggers when you actually need to run one.
https://ci.security/news/article/do-you-really-need-a-penetration-test
 
Malicious developer creates wormable, fileless variant of njRAT
An analysis of the executable’s script determined that it deletes any file named Tr.exe from the %TEMP% directory and replaces it with its own malicious version, plus a copy of itself. All additional files downloaded from the C2 server, which is located at water-boom[.]duckdns[.]org, will also be stored in the %TEMP% folder. The dropped Tr.exe file is actually a second AutoIt-compiled script that contains yet another executable, this one base-64 encoded. Tr.exe “will use an auto-run registry… named AdobeMX that will execute PowerShell to load the encoded executable via reflective loading,” states the blog post, meaning that the executable will load from memory instead of via the system’s disks.
https://www.scmagazine.com/home/security-news/cybercrime/malicious-developer-creates-wormable-fileless-variant-of-njrat/
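A defender-side audit of Run-key autorun entries for the behaviour described above (PowerShell launched from an autorun value, an encoded payload, an executable staged in %TEMP%). This is an added example, not code from the article or from the malware analysis it quotes; the registry entries are constructed samples, and the heuristics are assumptions about what such an entry looks like rather than signatures taken from the report.

```python
import re
from typing import Dict, List, NamedTuple


class RunEntry(NamedTuple):
    hive: str      # "HKCU" or "HKLM"
    name: str      # value name under ...\CurrentVersion\Run
    command: str   # command line stored in the value


# Constructed sample entries; not real registry output from any host.
SAMPLE_RUN_ENTRIES = [
    RunEntry("HKCU", "OneDrive",
             r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    RunEntry("HKCU", "AdobeMX",
             r'powershell.exe -w hidden -nop -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA'),
    RunEntry("HKLM", "SecurityHealth", r'C:\Windows\system32\SecurityHealthSystray.exe'),
    RunEntry("HKCU", "Updater", r'C:\Users\u\AppData\Local\Temp\Tr.exe'),
]

# Autorun value name the article attributes to this njRAT variant.
KNOWN_BAD_NAMES = {"adobemx"}


def suspicious_indicators(entry: RunEntry) -> List[str]:
    """Return the heuristic indicators an autorun entry triggers (empty if none)."""
    cmd = entry.command.lower()
    hits: List[str] = []
    if entry.name.lower() in KNOWN_BAD_NAMES:
        hits.append("known-bad value name")
    if "powershell" in cmd:
        hits.append("powershell launched at logon")
        if re.search(r"\s-(e|ec|enc|encodedcommand)\b", cmd):
            hits.append("encoded PowerShell command")
        if re.search(r"\s-(w|windowstyle)\s+hidden\b", cmd):
            hits.append("hidden window")
        if re.search(r"\s-(ep|executionpolicy)\s+bypass\b", cmd):
            hits.append("execution policy bypass")
    if re.search(r"(%temp%|\\temp\\)", cmd):
        hits.append("executable runs from a temp directory")
    return hits


def audit_run_keys(entries) -> Dict[str, List[str]]:
    """Map each flagged value name to its indicators; clean entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for entry in entries:
        hits = suspicious_indicators(entry)
        if hits:
            flagged[entry.name] = hits
    return flagged
```

On a live host the same function can be fed the output of `reg query` for the HKCU and HKLM Run keys; the value-name match is the weakest signal, since a new variant can rename it, while PowerShell with an encoded command in an autorun is worth a look regardless of name.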
 
HealthEquity Email Hack Breaches Data of 190K Patients
An email hack on two employee email accounts potentially breached the personal data of 190,000 HealthEquity customers. HealthEquity provides health savings accounts and similar services to more than 3.4 million individuals. This is the second breach reported by HealthEquity this year. In June, an unauthorized user hacked into an employee’s email account and breached the data of 16,000 customers. The most recent breach is similar to the June hack. HealthEquity’s security team discovered the breach on October 5, where an unauthorized user accessed two employee accounts.
https://healthitsecurity.com/news/healthequity-email-hack-breaches-data-of-190k-patients?eid=CXTEL000000366505
 
Iranians indicted in cyber attack on Atlanta
The defendants, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly collected some $6 million from various victims. Officials declined to say if Atlanta paid a ransom. The defendants, who may still be in Iran, are not in custody. The FBI said the attacks were part of an increase of such activity from Iran, but officials made no allegation that the government of the country was involved.
https://www.ajc.com/news/local/breaking-iranians-indicted-for-alleged-cyber-attack-atlanta/syCHgFndIHHppOM4LO1jZJ/
 
Atrium Health breach: Data from 2.65M patients potentially exposed
Charlotte, North Carolina-based Atrium – formerly known as Carolinas HealthCare System – was contacted by its billing company, AccuDoc Solutions, on Oct. 1, and told that an unauthorized third-party had gained access to AccuDoc's databases between Sept. 22 and Sept. 29. In addition to Atrium itself, other locations managed by it may have been affected, officials said, including Blue Ridge HealthCare System, Columbus Regional Health Network, New Hanover Regional Medical Center Physician Group, Scotland Physicians Network and St. Luke’s Physician Network.
https://www.healthcareitnews.com/news/atrium-health-breach-data-265m-patients-potentially-exposed
 
Cybercriminals targeting accounting and tax professionals
Exactly what tax professionals do to protect themselves isn’t always easy to determine. “Talking about security is sensitive because no one wants to disclose details that could help the bad guys,” said Lisa Patterson, senior communications manager for the corporate office of H&R Block. That said, organizations on both the state and federal level are working to raise awareness of the issue. For example, the week of Dec. 3-7 is National Tax Security Awareness Week.
https://idahobusinessreview.com/2018/11/28/cybercriminals-targeting-accounting-and-tax-professionals/
 
Three Cybersecurity Must-Haves for Small Businesses
47 percent of small businesses had their networks breached at least once by cybercriminals in 2017. (Worse: Almost half those businesses were then hit again.) That’s according to a survey reported in a 2018 USA Today story. After analyzing the alarming data from its survey, the research team concluded that only about three in 10 small businesses would be able to handle a cyberattack if they were hit with one today. [...] The bad news is that hackers know SMBs don’t prioritize cybersecurity, and this is precisely why they target these companies. If you’re a burglar, it makes sense to target the house with the weakest lock.
https://securitytoday.com/articles/2018/11/28/three-cybersecurity-must-haves-for-small-businesses.aspx
 
GoDaddy Highlights Small Business Cybersecurity Paradox
[Small] businesses rarely have the resources to pay and survive fines of thousands or even millions of dollars. They also lack the finances to train staff, adopt cybersecurity technology, and implement sophisticated expertise to protect data. While small and mid-sized businesses (SMBs) must be diligent about data protection and cybersecurity, the professors suggest regulators design legislation proportionate to the size of the business.
https://www.pymnts.com/news/b2b-payments/2018/godaddy-small-business-cybersecurity/
 
The Cybersecurity Mistakes Startups Make When They Get Big [Subscription]
When small businesses start to boom, they often rush to add employees, ramp up production and get bigger offices. But something usually gets left off the to-do list: upgrading their cybersecurity. A growing business means more computers—and that means more weak points in a network that hackers can attack. It also means more employees who aren’t up to speed on security, and who click on suspicious links or fall for online scams.
https://www.wsj.com/articles/the-cybersecurity-mistakes-startups-make-when-they-get-big-1543201321
 
Give SMBs A Break On Cyber Penalties, Researchers Argue
She added that policymakers have designed corporate cybersecurity penalties with large enterprises in mind, with some states requiring up to $2,500 in fines for each exposed customer record, even if the business is not shown to be at fault. Other requirements include customer identity theft protection services paid by the business, or rules that allow consumers that successfully sue a business to retain attorney’s fees from that business. [...] According to Selznick, the “ideal” would be to design safe harbor rules to protect small businesses from liability if they do not behave criminally. “But that doesn’t mean small businesses shouldn’t do anything to protect data,” she noted.
https://www.pymnts.com/news/b2b-payments/2018/small-business-cybersecurity-data-protect/
 
LPL Hit With $2.75M FINRA Fine Over Cyber Infractions
LPL Financial was censured and ordered to pay a $2.75 million fine to the Financial Industry Regulatory Authority as a result of internal supervisory shortcomings in its anti-money laundering (AML) program, resulting in failures to notify the government and FINRA about unauthorized cyber-related activities. FINRA found that LPL failed to file or amend registered representatives’ forms that would have disclosed many reportable customer complaints, according to the letter of acceptance, waiver and consent signed by both parties Oct. 29.
https://www.thinkadvisor.com/2018/11/27/lpl-hit-with-2-75m-finra-fine-over-cyber-infractio/
 
Increasing Cyberthreats To Critical Infrastructure And The Need For Information Sharing
By sharing playbooks and threat information across CIKR, a kind of “herd immunity” can be achieved that denies attackers the element of surprise or the reuse of attack vectors on new victims. Information sharing and analysis centers like the FS-ISAC (financial) and E-ISAC (energy) have been established in recent years to facilitate sharing threat information via common STIX and TAXII protocols. Programs like the joint DHS-NSA Integrated Adaptive Cyber Defense (IACD) program seek to standardize playbooks, the protocols used to orchestrate tools and information-sharing messaging across a sector.
https://www.forbes.com/sites/forbestechcouncil/2018/11/28/increasing-cyberthreats-to-critical-infrastructure-and-the-need-for-information-sharing/#2ddb61c85770
 
Pegasus Spyware Targets Investigative Journalists in Mexico
The notorious state actor mobile spyware known as Pegasus has resurfaced, targeting the colleagues of a slain Mexican journalist who lived – and died – investigating drug cartels. Journalist Javier Valdez Cárdenas, founder of Río Doce, a Mexican newspaper known for investigating the narco trade, was gunned down near his office in Sinaloa in May 2017. Just days later, Río Doce’s director and a colleague started receiving text messages with a “news alert” that Cárdenas’ killers had been identified.
https://threatpost.com/pegasus-spyware-targets-investigative-journalists-in-mexico/139424/
 
New York Lawmakers Want Social Media History To Be Included In Gun Background Checks
Eric Adams, the president of Brooklyn Borough, and state Senator Kevin Palmer are currently writing the proposed legislation, which would give law enforcement authorities the power to check up to three years of an individual’s social media accounts and internet search history before they are allowed to buy a gun, WCBS Newsradio 880 reported. One of the main aims is to identify any hate speech shared by the users, as the politicians noted that such offensive comments are generally only discovered after mass shootings occur.
https://www.techdirt.com/articles/20181105/08170440982/new-york-lawmakers-want-social-media-history-to-be-included-gun-background-checks.shtml
 
Ad fraud botnet 3ve shut down after infecting 1.7 million PCs
A massive team of security companies and federal agencies worked together to shut down an enormous click fraud operation. Although 3ve, pronounced Eve, started as a small botnet, by the time it was sinkholed, it was using 1.7 million infected computers to falsify billions of ad views, which resulted in businesses paying over $29 million for ads that no real human internet users ever saw.
https://www.csoonline.com/article/3324603/cyber-attacks-espionage/ad-fraud-botnet-3ve-shut-down-after-infecting-17-million-pcs.html
 
New Data Breach exposes 57 million records
A massive 73 GB data breach was discovered during a regular security audit of publicly available servers with the Shodan search engine. Prior to this publication, there were at least 3 IPs with the identical Elasticsearch clusters misconfigured for public access. The first IP was indexed by Shodan on November 14th, 2018. An open Elasticsearch instance exposed personal info of 56,934,021 US citizens, with information such as first name, last name, employers, job title, email, address, state, zip, phone number, and IP address.
https://blog.hackenproof.com/industry-news/new-data-breach-exposes-57-million-records
 
Cisco: Connected Home Will Be Key Driver of IoT by 2022
Cisco Systems Inc.'s VNI report -- a global IP traffic forecast for 2017-2022 -- predicts that 14.6 billion Internet of Things (IoT) devices will be in use by 2022, up from 6.1 billion in 2017: This means that Cisco expects around 50% of the total 28.5 billion device connections anticipated by 2022 will be IoT/machine-to-machine (M2M).
https://www.lightreading.com/iot/iot-strategies/cisco-connected-home-will-be-key-driver-of-iot-by-2022/d/d-id/747816
 
South Carolina inmates accused of scamming U.S. service members in 'sextortion' ring
The investigation into the catfishing scheme was titled "Operation Surprise Party." NCIS estimated that 442 service members from the Army, Navy, Air Force and Marine Corps were scammed out of a combined $560,000. "With nothing more than smartphones and a few keystrokes, South Carolina inmates along with outside accomplices victimized hundreds of people," said Daniel Andrews, director of computer crime investigations for the U.S. Army Criminal Investigation Command.
https://www.nbcnews.com/news/us-news/south-carolina-inmates-accused-scamming-u-s-service-members-sextortion-n941316
 
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2018 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337